Thomson Reuters Case Study: Update on Unifying Identity Platforms
AGENDA
• Thomson Reuters company overview
• Background & objectives for project
• Implementation strategy
• Progress & roadmap
• Integration example
• Lessons learned
THOMSON REUTERS OVERVIEW
REUTERS NEWS
Powered by more than 2,800 journalists reporting in 20 languages from bureaus around the world, Reuters is the world’s largest international news organization
INTELLECTUAL PROPERTY AND SCIENCE
Powerful tools to support discovery and innovation and to protect intellectual property rights around the globe
TAX & ACCOUNTING
Leading solutions for accounting, tax, and corporate finance professionals
LEGAL
Tools and services for law firms to manage and grow their businesses
FINANCIAL & RISK
Comprehensive information solutions for financial market professionals
THOMSON REUTERS IDENTITY SYSTEMS
[Diagram: identity systems by business unit (GGO, Legal, F&R). Labels include Thomson One, AAA, Eikon, Espresso, Trade Web, OnePass (110 products, 1.5M users), FindLaw, Prism, Steam (7 products, 6M users), Zawya, Infolex, One Source (20 products), CUAS (0.6M), NetFirms (1.6M), Tedesco, Domino, Integra, Sterion, Brandy, IP Manager, Work IAM, Street Events, eMaxx, Baseline, Data Stream.]
• 9000 firms subscribe to products across four business units
• 80+ different authentication systems/directories
• Know your customer - we don’t know the name or email address for nearly half of our end customers
• Must create a better experience for both end users and company administrators
THOMSON REUTERS ID OBJECTIVES
Customer Benefits
• One login for all products, services, websites
• Identity for life; take your profile and preferences with you
• Simplified Admin for customers
TR Business Benefits
• Better user information for Sales & Marketing
• Simplify content and service integration
• Lower cost
TR Technical Benefits
• Improve security and compliance
• Meet data residency regulations
• Foundational layer to simplify other TR services
• Reduce technology footprint
TR ID PHASES
Horizon 1 – Build core Platform
• Launch initial IAM service through APIs
• Branded UX for Login and Registration
• Over 500k users leveraging TR ID for Authentication
• Scalable product migration SDK
• Operational in 4 Data Centers
Horizon 2 – Enable Integrated Experiences
• 10 Mil user Identities in directory
• 2 Mil users authenticating
• Integrate cross-product capabilities
• Track users through career
• Simplify Authentication for large customers
• Analytics for sales & marketing
• Multi-factor authentication
Horizon 3 – Support the Enterprise vision
• Single login for all TR services
• Single point of profile management
• 15 Mil users leveraging TR ID for Authentication
• Simplification of other services (i.e. provisioning, support, entitlements)
• Reduce Technology Footprint
• Security, Compliance and Data Residency benefits
Green = Complete
FUTURE ARCHITECTURE
[Architecture diagram: Customers (Mobile Products, Browser Apps, Terminals, Web Services), the Thomson Reuters Firewall, Thomson Reuters Products (internally hosted: Mobile Products, Browser Apps, Web Services), Externally hosted Products, and the Thomson Reuters Identity Management System. Components labelled: Identity Repository, Authentication Management, Secondary Authentication, Security Token Management, Platform Services, Authenticate (SAML, OAuth), Access Federation, Identity Lifecycle Management, Identity Governance Workflow, Identity Mapping, Identity Orchestration, Large Customer Integration, Business Systems, Other Identity Systems (Internal & External), Entitlements / Authorization Engines.]
4 STEP PROCESS TO ACHIEVE FUTURE ARCHITECTURE
1. Build foundation & support new products / services
2. Cross BU orchestration and service/content integration
3. Authentication integration
4. Profile consolidation
Deliver incremental business benefits!
STEP 1: BUILD FOUNDATION & SUPPORT NEW PRODUCTS / SERVICES
• Build out core functionality and deploy in Development, QA and Initial Production environments
• Authentication solution for new product and services launch (Blue Moon, Developer Platform, Findlaw, BOLD/OpenId)
• Target Date: End of Q1 2015
[Diagram: Blue Moon, IP&S One Platform, FindLaw, Dev Platform and BOLD / OpenId shown with the Thomson Reuters Identity Management System. Components labelled: Identity Repository, Authentication Management, Secondary Authentication, Security Token Management, Authenticate (SAML, OAuth), Access Federation, Identity Lifecycle Management, Identity Governance Workflow, Identity Mapping, Identity Orchestration, Large Customer Integration.]
STEP 2: CROSS BU SERVICE/CONTENT INTEGRATION (ORCHESTRATION / CO-PROVISIONED MAPPING)
• Identity system fed directly by business systems via the common orchestration layer
• User level service and content sharing can be enabled after this step
• BU dependency; Target Date: End of Q3 2015
[Diagram: Consolidated Customer Identity Store (12M+ Customer Identities) holding AAA, OnePass, OneSource, STeAM and Others, with Account Links, and Identity Orchestration labelled between the store and the source systems (AAA / DACS etc., OnePass / OLC / Prism etc., OneSource / CUAS etc., STeAM / CAESAR etc., Others).]
STEP 3: AUTHENTICATION INTEGRATION
Auto Migration [Option 1]: Thomson Reuters ID Signon
User Experience and Signon Flow
1 – User clicks Login on Thomson Reuters Access sign on page and enters credentials
2 – Thomson Reuters ID determines if user exists
3 – If user does not exist, Thomson Reuters ID calls into OnePass (using API calls) to authenticate the user
4 – OnePass validates user’s credentials stored in OnePass
5 – If valid, OnePass returns the user’s profile data (without the password)
6 – Thomson Reuters ID captures user’s password from UI and stores that and the profile data
7 – User is signed onto product and profile is migrated
red indicates user interaction required
[Diagram: numbered sign-on flow between Thomson Reuters ID and OnePass.]
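The login-time migration in steps 1 to 7 can be sketched as follows. This is an added example, not Thomson Reuters or ForgeRock code: the class and function names are hypothetical, the sample account is constructed, and storing a salted PBKDF2 hash in step 6 is an assumption (the slide says only that the password is captured and stored).

```python
import hashlib
import hmac
import os

# Constructed sample data: one legacy account (not real credentials).
SAMPLE_LEGACY_USERS = {"alice": ("s3cret-pass", {"email": "alice@example.com"})}

def derive(password: str, salt: bytes) -> bytes:
    # Assumption: the new store keeps a salted PBKDF2 hash, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class LegacyIdP:
    """Hypothetical stand-in for the legacy system's authentication API."""
    def __init__(self, users):
        self._users = users
    def authenticate(self, username, password):
        rec = self._users.get(username)
        if rec is None or not hmac.compare_digest(rec[0].encode(), password.encode()):
            return None
        return dict(rec[1])  # step 5: profile data only, no password

class NewIdP:
    """Hypothetical stand-in for the new identity service."""
    def __init__(self, legacy):
        self.legacy = legacy
        self.store = {}  # username -> {"salt", "hash", "profile"}
    def login(self, username, password):
        rec = self.store.get(username)  # step 2: does the user exist here?
        if rec is not None:
            # Already migrated: verify locally, never fall back to legacy.
            ok = hmac.compare_digest(rec["hash"], derive(password, rec["salt"]))
            return ("local", rec["profile"]) if ok else ("denied", None)
        profile = self.legacy.authenticate(username, password)  # steps 3-4
        if profile is None:
            return ("denied", None)  # failed legacy check must create nothing
        salt = os.urandom(16)  # step 6: store hash of the password just verified
        self.store[username] = {"salt": salt, "hash": derive(password, salt),
                                "profile": profile}
        return ("migrated", profile)  # step 7
```

Two properties are worth checking in any implementation of this flow: a failed legacy authentication leaves no record behind, and a migrated user is never re-validated against the legacy store.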
STEP 4: LOGIN / PROFILE CONSOLIDATION (USER DRIVEN MAPPING)
[Diagram: Thomson Reuters Customer Identity Master (12M+) holding AAA, OnePass, OneSource, STeAM and Others, with the Thomson Reuters Standard DB.]
• User can map profile only if product has integrated with IAM
• Customers get Google / Apple / Microsoft like user experience across TR Products (SSO, customer intelligence, etc)
• Customer account consolidation should be user/customer initiated
• System will also support BU rules initiated customer account consolidation
2015 INTEGRATION ROADMAP
[Timeline chart: Q4 2014, Q1 2015, Q2 2015, Q3 2015, Q4 2015, 2016+. Legend: Green = Complete, Blue = On track.]
Benefits
• Cost avoidance (each product integration)
• Social Media login available
• Cross TR Identity repository
• Integrate services across products & business units
• Link user profiles through career changes
• Additional security (two factor authentication)
• Comply with European data privacy
• Failover in place. Better scale & disaster recovery.
Products running on IAM
• Product 1 (Tax)
• Product 2 (Legal)
• Product 3 (IP&S)
• Product 4 (Enterprise)
• Product 5 (F&R, IP&S)
• Product 6 (Enterprise)
• Product 7 (Legal)
• Product 8 (Tax)
• Product 9 (IP&S)
LESSONS LEARNED
• Identity Access Management is 80% about change management and 20% about technology
• Coexisting with other identity providers within the company is easier said than done
• Migrating many different IDPs is rarely a straightforward or repeatable process. Simplifying this process with an SDK and strong documentation is critical.
• Hiring employees with strong identity/ForgeRock experience is challenging and developing talent takes time