No_Disruption.jpgThe accelerating pace of digital business is spurring heightened demands for customer identity data. New apps, devices and channels need customer information to deliver innovative services and better customer experiences. And they need much more than user names and passwords. They require security controls, rich engagement history information, privacy policies and customer preference data.

Outdated workforce Identity and Access Management (IAM) solutions, typically implemented in the 1990s, weren’t built to manage and deliver customer identity data at the scale and complexity of today’s digital business. Many companies are faced with updating and upgrading their identity management technology to keep up with modern demands. But business needs to keep moving; you can’t afford a lapse in identity services while you get your new solution up and running.The Teacher Retirement System (TRS) of Texas was facing this scenario when the IT team made the decision to move to a next-generation Identity and Access Management solution. As the largest public pension system in the state of Texas and sixth largest nationally, TRS manages retirement funds for 1.6 million members and retirees. The financial services organization simply could not experience any gaps in identity management services and data security.

The TRS IT team carefully considered their implementation options to develop a plan that minimized downtime as much as possible. By combining three key methodologies, they were able to migrate to a new IAM platform with zero disruption:

  1. Co-existence of the new and old systems
    The TRS IT team’s first phase of the project involved standing up the new solution in front of their legacy Active Directory data store. Keeping both systems running for a period of several months provided a safety net against service disruptions during the migration.
  1. Utilizing the new solution’s real-time sync capabilities
    A key capability that enabled TRS to effectively run both systems in tandem was real-time data synchronization at massive scale. The ability to immediately sync high volumes of data kept current information continuously flowing between the legacy systems, the new data store and ultimately to the web apps and other customer and employee-facing services requiring accurate data.
  2. Implement pass-through authentication
    The TRS team wanted to maintain the highest levels of security during the implementation and avoid having users create another set of credentials and passwords in the new data store. They accomplished these goals by passing authentication requests through the new UnboundID solution to the old Active Directory. Once access was granted, the credential data was automatically migrated to the new solution.

In this short two-minute video, you can see the topology that TRS used to seamlessly implement their modernized solution with no downtime. It includes information about how they handle load balancing in addition to data synchronization and pass through authentication.

Using this approach, the team was able to seamlessly implement their modernized IAM solution while continuing to meet the business-as-usual demands for identity data. What’s more, the new IAM solution can support innovative services and the growing number of TRS members for years to come.