Facing an extranet challenge? Identity and access management as a solution

Please note that this article is over 10 years old, so the content and links may not necessarily be up to date.

Today we see a lot of extranets that were originally built for some quite simple and specific need, such as making detailed product information available to partners and resellers. Later, other services, often built with different technologies, have been attached to them one by one.

16 June 2014

Kimmo Parkkinen

This has resulted in a fragmented extranet with various challenges:

  • users need to sign in to each service separately
  • look and feel varies from service to service
  • user experience is inconsistent and confusing.

Your extranet clearly needs renewing, but rebuilding it from scratch seems an overwhelming task. Where to start the renewal?

Picture a typical extranet site that has been built piece by piece over the years. Each of its services may be very good at what it was designed for, but the extranet still resembles a patchwork quilt more than a modern, unified extranet. A coherent user experience does not necessarily mean that you need to rebuild everything from top to bottom into one new and massive extranet system. If the business processes behind the services are mainly in order, sometimes it is enough to renew the front layers and leave the existing back-end services to do what they are good at.

Let’s consider some of the pros and cons of such an approach.

Where to start from?

Before doing anything, make sure that you create an unambiguous roadmap to be clear on what the moving elements in the puzzle are, what is needed and when. You can refine the roadmap later, but you need to have an initial vision of

  • what you are trying to achieve
  • with what kind of steps
  • how the steps should be prioritized
  • what technologies you currently have
  • what you may need to acquire
  • what kind of resources you need and
  • what your budget is

You also need a well-planned overall concept plan before you start the actual implementation. You need to know the roles and target audiences for each service, the general look and feel of each service, what the color schemes will be, where the user interface elements such as navigations and logos will be, how they should work etc.

Don’t forget to consult your implementation partners on which changes are easy to do and which ones are harder. Avoid complexity; instead, try to create a concept that can be applied to all existing services as easily as possible, including those that are still on the future development list.

When you have the roadmap and concept ready, you can still reconsider your approach one more time. This is the time to decide whether it might be better to start with a clean slate or make the best out of the existing services.

Single-Sign-On (SSO)

The most common source of negative feedback on fragmented extranet services is that the users are forced to sign in more than once. Single-Sign-On (SSO) is already quite well-known as a term and it is often mentioned as a magical solution to almost everything.

But what does SSO mean in practice? You can’t just throw it on top of everything as a last step in your extranet renewal project. Rather, SSO is more a foundation on top of which you build your entire extranet service. It requires either a centralized user directory (for example, Active Directory or LDAP), which all extranet services know how to utilize, or a separate identity management (IdM) solution.

Identity management (IdM)

A separate IdM solution works as a middle layer allowing users to sign in to different services with different user accounts and devices. It also maps the user’s access rights for each service. It usually does a lot more, too, but the nice thing is that the services do not have to share the same user directory or technology. The user has to sign in only once, or in the best-case scenario, the authentication can be totally invisible to the end users. Quite often IdM solutions run on a dedicated network server or in the cloud.
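The middle-layer role described above can be sketched as follows; this is an added example, not code from the article or from any IdM product. It stands in for a real federation protocol (such as SAML or OpenID Connect) with a simple HMAC-signed assertion, and every user, service name and key in it is a constructed, hypothetical value.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: one extranet identity mapped to a different local
# account and role set in each back-end service (all names are hypothetical).
ACCESS_MAP = {
    "partner.anna": {
        "product-catalog": {"local_user": "anna_p", "roles": ["reader"]},
        "order-portal": {"local_user": "U-10442", "roles": ["buyer", "approver"]},
    },
}
# Demo keys only: each key is shared between the broker and exactly one service.
SERVICE_KEYS = {"product-catalog": b"catalog-demo-key", "order-portal": b"orders-demo-key"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_assertion(session_user, service, now=None, ttl=300):
    """Broker side: after one sign-in, mint a short-lived assertion for one service."""
    entry = ACCESS_MAP.get(session_user, {}).get(service)
    if entry is None:
        raise PermissionError(f"{session_user} has no access to {service}")
    now = int(time.time()) if now is None else now
    claims = {"aud": service, "sub": entry["local_user"], "roles": entry["roles"], "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_assertion(token, service, now=None):
    """Service side: check signature, audience and expiry before trusting the claims."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        raise PermissionError("malformed assertion") from None
    expected = hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if claims["aud"] != service:
        raise PermissionError("assertion issued for another service")
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise PermissionError("assertion expired")
    return claims
```

The services never see the user's sign-in credentials or each other's directories; each one trusts only assertions signed for it, so an assertion captured at one service cannot be replayed at another.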

At first, adding a dedicated IdM solution to an existing extranet service may sound like a daunting exercise, but that is not necessarily the case. Of course, it should not be taken too lightly, either. Perttu opens up a few things about that in our intranet blog (in Finnish). Adding an IdM solution requires careful planning and considering the options. And most likely, you will need a partner for the actual implementation. The price range of the project, licences and setup may vary from 30 to 300 k€, depending on the number of services and complexity of the concept.

If, however, the processes behind the services are complex, this approach can prove easier than recreating those processes in a new extranet service from scratch. Just make sure that the IdM solution you choose is compatible with the services you are or will be using.

Eating an elephant takes one bite at a time

When you have the identity and access management in place, you can start making changes to the existing services according to your concept plan. The good news is that you can take one service at a time, make the necessary changes and move on to the next one.

If some of the services need to be totally replaced, the IdM solution can give you some extra time to build the new services in the background. In some cases the old and new services can even live side by side; some of the users access the old services while others already use the new one.

What about the future?

The decision whether to go with this approach or not should always be taken case by case. There is of course no point in wrapping the IdM solution around an old and dying legacy system. But if the services are at least fairly modern, they still fulfill your business needs well and have technical support from the suppliers, it is definitely worth considering. You can select the products and suppliers that are the best fit for each specific need.

An IdM solution can also enable totally new possibilities for internal use. Wouldn’t it be nice to access your CRM and product catalog from an external network using your tablet? How about putting that to the roadmap, too?

Kimmo Parkkinen

Kimmo Parkkinen is an expert in requirement specifications and software procurement.

Kimmo consults the customers on defining the functional requirements and technical design of web based solutions as well as selecting the best suppliers for the implementation phase. His areas of expertise include designing, modelling and documenting complex web based services.

Kimmo has over 20 years of experience with web and intranet projects, including serving as a software architect, technical project manager and a production manager in software vendor companies and also as an independent consultant.
