How DevOps Integrate With CIAM

There are several good reasons for adopting DevOps practices:

• The use of agile and other development processes and methods
• Demands for higher rates of production releases by application and business area stakeholders
  • Nevis supports this trend with functions such as A/B testing of customer journeys or advanced configuration management functions.
• Broad availability of cloud infrastructure – from internal and external providers
  • Nevis supports both public cloud infrastructures such as Azure AKS, private cloud based on Kubernetes technology such as OpenShift and Rancher as well as virtualised environments such as VMware.
• Increased use of tools for data centre automation and configuration management.
  • Nevis supports technologies such as Kubernetes (native Kubernetes support), GIT and declarative configuration approaches.
• A greater focus on test automation and continuous integration methods.
• Critical mass of publicly accessible best practices.

CIAM solutions require greater configuration flexibility than typical eIAM systems. This can be attributed to many factors. Below is a series of examples:

• CIAM systems often need to take all external identities into account. These are mainly B2C identities but increasingly also B2B. These constituencies have different requirements that must be met by the same system.
• A large company may have different registration or login procedures for its customers. It might offer easy registration for interested parties who want to receive detailed white papers, quick registration for those who want a free test version of a product, and another registration process for interested parties who become customers who then need access to a support portal, for example. This calls for a system that can process multiple registration and login procedures in parallel.
• The registration and login flows are often parts of more sophisticated onboarding or portal solutions. The CIAM functionalities must therefore be available via API for integration with software from third-party providers.
• Providing support for multiple brands also requires greater flexibility from the CIAM system.
• A CIAM system must also simultaneously support multiple MFA methods for different users (e.g. SMS and passwordless) because customers cannot be expected to migrate immediately to a new MFA method in the same way as employees.
• If customer access data is to be transmitted «on the fly» from an old LDAP system to a new identity repository without the migration impairing customer’s workflow in the background.
• If SSO is to be deployed not only for applications that support new federation standards but also for legacy applications that cannot be migrated to new standards.

A CIAM solution must be highly and flexibly configurable based on customer requirements. Nevis offers a central configuration console (nevisAdmin 4) that customers can use to configure, manage and deploy challenging CIAM scenarios. Some of the key features are:

• Configuring and implementing CIAM best practices with the help of more than 150 reusable configuration templates called patterns.
• Support for multiple projects enables the central administration of multiple Nevis environments.
• Testing new configurations and infrastructure options thanks to the complete separation of configuration and infrastructure data.
• Processing, sharing and validating declarative configuration files with support for the Git version control system.
• Avoid surprises during production by validating configuration changes and execution plans prior to deployment.
• Enables a strict change-management audit thanks to full configuration versioning support. Approve configuration merges in your production environment prior to deployment.
• Integrate them into your GitOps processes using the Configuration Generation Engine API.

The preferred deployment option at Nevis is with Kubernetes and this offers several advantages:

• Easily deployable components that are available as Docker images
• The nevisOperator helps you manage and deploy complete Nevis environments and streamlines the integration in your CI/CD pipeline.
• Deployment automation with no downtime: Nevis on Kubernetes lets you deploy new versions of Nevis free of service interruptions and remain available around the clock.
• Autoscaling: Kubernetes Horizontal Pod Autoscaler allows you to optimise resources and offer a high-performance experience even under peak loads.
• High availability: pod affinity and pod anti-affinity make it possible to regulated how pods should be placed relative to other pods. In this way, the pods of a service can be distributed via nodes or availability zones to reduce correlated outages.
• Integrated Kubernetes certificate management with the Nevis configuration console.

Nevis provides native support for the Microsoft Azure Kubernetes Service (AKS). You can set up a Nevis environment in minutes and manage it centrally using the Nevis management console.