Delivery Excellence - Major Indonesian bank in Production in One Month

Introduction

Modernizing Customer Identity and Access Management for major Indonesian bank

A major bank in Indonesia partnered with Midships to undertake a critical upgrade of its Customer Identity and Access Management (CIAM) infrastructure.

The objective was to migrate from their Ping AIS (f.k.a. ForgeRock) version 6.5 to 7.4, ensuring a seamless data migration process with zero disruption to CIAM services.

The initiative also aimed to improve scalability, enhance functionality, and preserve the existing architecture — setting the foundation for future growth.

The Challenges

Upgrading a live CIAM platform within a high-performance banking environment posed several technical and operational challenges, particularly during the upgrade of Ping AIS components and the data migration phase. Key hurdles included:

• Migrating Ping AIS from version 6.5 to 7.4 while aligning it with the evolved configuration structure of later versions of both Ping AIS and the Midships Ping AIS Accelerator.

• Manual execution of the CI/CD pipeline in GitLab, limiting automation and repeatability.

• Utilizing Google Cloud Platform (GCP) storage to support data transfer between environments.

• Implementing reverse synchronization from the upgraded environment back to the legacy setup to support rollback scenarios.

• Creating accurate test datasets to simulate production load in performance environment.

• Transitioning to File-Based Configuration (FBC) without disrupting the existing architecture.

• Establishing a standardized process for PingAM certificate and key rotation.

Key Achievements

Midships overcame the above challenges through a combination of domain expertise, automation, and structured testing approaches:

• Ping AIS Upgrade: Leveraged in-house SMEs to successfully migrate Bank’s legacy AIS components to the latest version, resolving multiple compatibility issues along the way.

• Automated Configuration Migration: Utilized tools like Amster and Am-upgrade to export and transform configurations for compatibility with version 7.4.x.

• Configuration Parameterization: Enhanced deployment agility by parameterizing configuration values, allowing centralized updates through config maps.

• OAuth2 Client Deployment Pipeline: Designed a dedicated pipeline for managing OAuth2 Clients within the PingDS deployed as the Application and Policy Store, eliminating the need for full redeployments when making dynamic configuration changes.

• Automated Data Migration Pipeline: Implemented a GitLab pipeline to automate data export from legacy DS, transfer via Google Cloud Storage (GCS), and import into the new environment — drastically reducing manual effort.

• Backup and Restore Modernization: Reengineered the backup strategy using GCS buckets and cron jobs to support a more efficient backup rotation model with multiple daily snapshots.

• Test Data Simulation: Developed automation scripts to create realistic test data, enabling performance validation and resource planning in pre-production environments.

• Certificate and Key Rotation Automation: Built shell scripts to automate JWKs certificate and key rotation, integrated with HashiCorp Vault and PingAM deployment processes.

Collaboration and Business Impact

The success of this initiative was anchored in seamless collaboration between Midships and Bank’s teams. Through iterative planning, transparent communication, and joint problem-solving, the partnership achieved a frictionless upgrade with zero impact on live services.

Business-wise, the upgraded CIAM infrastructure now offers enhanced performance, improved maintainability, and a scalable foundation that supports Bank’s innovation roadmap. The automation-first approach significantly reduced manual overhead and improved deployment consistency across environments.

Mission Result

Midships delivered a future-ready CIAM platform tailored to Bank’s evolving needs. With Zero downtime, streamlined deployment processes, and robust data migration strategies, the engagement not only fulfilled its immediate objectives but also empowered the bank with a CIAM framework built for scale, flexibility, and operational excellence, setting them apart from their competitors in the region.

Writer's Overview

Murali Sampath – Delivery Lead, Midships

Murali leads engagements within Midships as a delivery lead covering IAM solution deliver for various businesses ranging from Gaming companies to financial institutions. He comes with an extensive experience of 16+ years  working for Financial services before his stint with Midships.

Short bio: Murali is Technical Delivery lead for Midships delivering high performance IAM platforms and cyber security solutions for wide variety of clients, primarily financial institutes and gaming company.