Thomson Reuters Case Study: Update on Unifying Identity Platforms

THOMSON REUTERS ID PROJECT REUTERS/Cheryl Ravelo May 2015

Upload: forgerock

Post on 25-Jul-2015


AGENDA

• Thomson Reuters company overview

• Background & objectives for project

• Implementation strategy

• Progress & roadmap

• Integration example

• Lessons learned

THOMSON REUTERS OVERVIEW

REUTERS NEWS

Powered by more than 2,800 journalists reporting in 20 languages from bureaus around the world, Reuters is the world’s largest international news organization

INTELLECTUAL PROPERTY AND SCIENCE

Powerful tools to support discovery and innovation and to protect intellectual property rights around the globe

TAX & ACCOUNTING

Leading solutions for accounting, tax, and corporate finance professionals

LEGAL

Tools and services for law firms to manage and grow their businesses

FINANCIAL & RISK

Comprehensive information solutions for financial market professionals


BALANCED PORTFOLIO OF BUSINESSES


THOMSON REUTERS IDENTITY SYSTEMS

[Diagram: existing Thomson Reuters identity systems. Group labels: GGO, Legal, F&R. Systems shown: Thomson One, AAA, Eikon, Espresso, Trade Web, OnePass (110 products, 1.5M users), FindLaw, Prism, Steam (7 products, 6M users), Zawya, Infolex, One Source (20 products), CUAS (0.6M), NetFirms (1.6M), Tedesco, Domino, Integra, Sterion, Brandy, IP Manager, Work IAM, Street Events, eMaxx, Baseline, Data Stream. Other figures shown: 0.35K, 0.30M users, 0.1M]

• 9000 firms subscribe to products across four business units

• 80+ different authentication systems/directories

• Know your customer - we don’t know the name or email address for nearly half of our end customers

• Must create a better experience for both end users and company administrators


THOMSON REUTERS ID OBJECTIVES

Customer Benefits

• One login for all products, services, websites

• Identity for life; take your profile and preferences with you

• Simplified Admin for customers

TR Business Benefits

• Better user information for Sales & Marketing

• Simplify content and service integration

• Lower cost

TR Technical Benefits

• Improve security and compliance. Meet data residency regulations

• Foundational layer to simplify other TR services

• Reduce technology footprint


TR ID PHASES

Horizon 1 – Build core Platform

• Launch initial IAM service through APIs

• Branded UX for Login and Registration

• Over 500k users leveraging TR ID for Authentication

• Scalable product migration SDK

• Operational in 4 Data Centers

Horizon 2 – Enable Integrated Experiences

• 10 Mil user Identities in directory

• 2 Mil users authenticating

• Integrate cross-product capabilities

• Track users through career

• Simplify Authentication for large customers

• Analytics for sales & marketing

• Multi-factor authentication

Horizon 3 – Support the Enterprise vision

• Single login for all TR services

• Single point of profile management

• 15 Mil users leveraging TR ID for Authentication

• Simplification of other services (i.e. provisioning, support, entitlements)

• Reduce Technology Footprint

• Security, Compliance and Data Residency benefits

Green = Complete

IMPLEMENTATION APPROACH


FUTURE ARCHITECTURE

[Architecture diagram: Thomson Reuters Identity Management System]

• Clients and products: Customers; Mobile Products, Browser Apps, Terminals, Web Services; Thomson Reuters Products (internally hosted); Externally hosted Products (Mobile Products, Browser Apps, Web Services); Thomson Reuters Firewall

• Identity Management System components: Identity Repository, Authentication Management, Secondary Authentication, Security Token Management, Platform Services, Authenticate (SAML, OAuth), Access Federation, Identity Life-cycle Management, Identity Governance Workflow, Identity Mapping, Identity Orchestration, Large Customer Integration

• Connected systems: Business Systems, Other Identity Systems (Internal & External), Entitlements / Authorization Engines


4 STEP PROCESS TO ACHIEVE FUTURE ARCHITECTURE

1. Build foundation & support new products / services

2. Cross BU orchestration and service/content integration

3. Authentication integration

4. Profile consolidation

Deliver incremental business benefits!


STEP 1: BUILD FOUNDATION & SUPPORT NEW PRODUCTS / SERVICES

• Build out core functionality and deploy in Development, QA and Initial Production environments

• Authentication solution for new product and services launch (Blue Moon, Developer Platform, FindLaw, BOLD/OpenId)

• Target Date: End of Q1 2015

[Diagram: Blue Moon, IP&S One Platform, FindLaw, Dev Platform and BOLD / OpenId shown with the Thomson Reuters Identity Management System. Components shown: Identity Repository, Authentication Management, Secondary Authentication, Security Token Management, Authenticate (SAML, OAuth), Access Federation, Identity Life-cycle Management, Identity Governance Workflow, Identity Mapping, Identity Orchestration, Large Customer Integration]


STEP 2: CROSS BU SERVICE/CONTENT INTEGRATION (ORCHESTRATION / CO-PROVISIONED MAPPING)

• Identity system fed directly by business systems via the common orchestration layer

• User level service and content sharing can be enabled after this step

• BU dependency; Target Date: End of Q3 2015

[Diagram: Consolidated Customer Identity Store (12M+ Customer Identities) with Account Links for AAA, OnePass, OneSource, STeAM and Others. Source systems shown via Identity Orchestration: AAA / DACS etc., OnePass / OLC / Prism etc., OneSource / CUAS etc., STeAM / CAESAR etc., Others]


STEP 3: AUTHENTICATION INTEGRATION

Auto Migration [Option 1]: Thomson Reuters ID Signon

User Experience and Signon Flow

1 – User clicks Login on the Thomson Reuters Access sign-on page and enters credentials

2 – Thomson Reuters ID determines if the user exists

3 – If the user does not exist, Thomson Reuters ID calls into OnePass (using API calls) to authenticate the user

4 – OnePass validates the user’s credentials stored in OnePass

5 – If valid, OnePass returns the user’s profile data (without the password)

6 – Thomson Reuters ID captures the user’s password from the UI and stores that and the profile data

7 – User is signed onto the product and the profile is migrated

red indicates user interaction required

[Diagram: numbered sign-on flow between Thomson Reuters ID and OnePass]
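The seven-step auto-migration flow above, sketched as an added example (not code from the slides or from Thomson Reuters). The class names, the in-memory stores and the choice to keep the captured password only as a salted PBKDF2 hash are assumptions of this example; the slide does not say how the password is stored.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not from the slides

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LegacyOnePass:
    """Hypothetical stand-in for the legacy store's authentication API."""
    def __init__(self, users):
        self._users = users  # constructed sample: username -> (password, profile)
        self.calls = 0

    def authenticate(self, username, password):
        self.calls += 1
        record = self._users.get(username)
        if record and hmac.compare_digest(record[0].encode(), password.encode()):
            return dict(record[1])  # step 5: profile data only, no password
        return None

class UnifiedIdStore:
    """Hypothetical model of the new identity store doing migrate-on-login."""
    def __init__(self, legacy):
        self.legacy = legacy
        self.users = {}  # username -> {"salt", "hash", "profile"}

    def sign_on(self, username, password):
        user = self.users.get(username)  # step 2: does the user exist here?
        if user is not None:
            # Already migrated: verify locally and never fall back to legacy.
            ok = hmac.compare_digest(user["hash"], derive(password, user["salt"]))
            return ("local", user["profile"]) if ok else ("denied", None)
        profile = self.legacy.authenticate(username, password)  # steps 3-4
        if profile is None:
            return ("denied", None)  # failed attempt: nothing is captured
        salt = os.urandom(16)  # step 6: keep only a salted hash of the password
        self.users[username] = {"salt": salt, "hash": derive(password, salt),
                                "profile": profile}
        return ("migrated", profile)  # step 7

if __name__ == "__main__":
    legacy = LegacyOnePass({"alice": ("correct horse", {"email": "alice@example.com"})})
    store = UnifiedIdStore(legacy)
    print(store.sign_on("alice", "correct horse")[0])  # first login migrates
    print(store.sign_on("alice", "correct horse")[0])  # later logins are local
```

Once a user is migrated, a wrong password is rejected locally without consulting the legacy system, so the old store stops being an authentication path for that account.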


STEP 4: LOGIN / PROFILE CONSOLIDATION (USER DRIVEN MAPPING)

[Diagram labels: Thomson Reuters Customer Identity Master (12M+); AAA, OnePass, OneSource, STeAM, Others; Thomson Reuters Standard DB]

• User can map profile only if product has integrated with IAM

• Customers get Google / Apple / Microsoft like user experience across TR Products (SSO, customer intelligence, etc)

• Customer account consolidation should be user/customer initiated

• System will also support BU rules initiated customer account consolidation


2015 INTEGRATION ROADMAP

[Roadmap chart. Timeline columns: Q4 2014, Q1 2015, Q2 2015, Q3 2015, Q4 2015, 2016+]

Benefits

• Cost avoidance (each product integration)

• Social Media login available

• Cross TR Identity repository

• Integrate services across products & business units

• Link user profiles through career changes

• Additional security (two factor authentication)

• Comply with European data privacy

• Failover in place. Better scale & disaster recovery.

Products running on IAM

• Product 1 (Tax)

• Product 2 (Legal)

• Product 3 (IP&S)

• Product 4 (Enterprise)

• Product 5 (F&R, IP&S)

• Product 6 (Enterprise)

• Product 7 (Legal)

• Product 8 (Tax)

• Product 9 (IP&S)

Green = Complete

Blue = On track

INTEGRATION EXAMPLE


TRTA CURRENT WEBSITE CONFIGURATION


TRTA WEBSITE FUTURE CONFIGURATION


LESSONS LEARNED

• Identity Access Management is 80% about change management and 20% about technology

• Coexisting with other identity providers within the company is easier said than done

• Migrating many different IDPs is rarely a straightforward or repeatable process. Simplifying this process with an SDK and strong documentation is critical.

• Hiring employees with strong identity/ForgeRock experience is challenging and developing talent takes time

QUESTIONS