Major Australian Retail Bank’s Successful Upgrade and Migration to FRAM 7.4

Background

Over time, dormant user profiles and historical device profiles can accumulate in the user store (directory service), resulting in a significant portion of unused data. This paper presents a simple solution to keep the user store clean by maintaining only active user profiles and device profiles. This solution includes a directory service clean-up process and alterations to the Access Management (AM) Authentication Tree to manage dormant user journeys. Consequently, organisations can lower their license costs and optimise the user store's size (which is important for speed of backup & restore).

PROBLEM STATEMENT

The Bank faced significant risks due to the impending End of Life of FRAM 6.5, which could lead to loss of product support and non-compliance with industry standards. The high license fees for the existing DAON biometric authentication solution added to the challenge.

Technical Challenges

The project involved several technical challenges:

1. Data Migration

   Seamlessly transferring configurations, user data, and policies to FRAM 7.4 without compatibility issues.

2. Integration Testing

   Ensuring all integrated systems work correctly with the new version to avoid disruptions.

3. Customizations

   Modifying existing scripts, extensions, and APIs to be compatible with FRAM 7.4.

4. Performance Optimization

   Ensuring the upgraded environment meets current performance standards.

5. FIDO2 Migration

   Transitioning from DAON to ForgeRock’s FIDO2, including the migration of biometric data and user re-enrolment.

Goal

The objective was to upgrade the Bank’s FRAM 6.5 to 7.4 within a 6-month timeframe using the Midships Ping/ForgeRock Accelerator.

This included migrating from the existing DAON biometric solution to ForgeRock’s integrated FIDO2 authentication, thereby reducing license costs. The project also aimed to ensure smooth transition of all customizations, configurations, and integrations, optimizing system performance and maintaining service continuity.

Timeline

The project was completed within a 6-month period, from initial planning to final production release.

This included migrating from the existing DAON biometric solution to ForgeRock’s integrated FIDO2 authentication, thereby reducing license costs. The project also aimed to ensure smooth transition of all customizations, configurations, and integrations, optimizing system performance and maintaining service continuity.

Products

1. Migrated AM

2. Updated IDM, DS, and IG to be compatible with FIDO2

Benefits & Results

The upgrade and migration project yielded significant benefits for the Bank:

1. Seamless Upgrade

   FRAM 6.5 was successfully upgraded to 7.4 within the targeted 6-month timeframe, ensuring compliance with industry standards and securing ongoing product support.

2. Cost Savings

   Migrating from DAON’s biometric solution to ForgeRock’s built-in FIDO2 authentication eliminated high license fees, resulting in considerable cost savings.

3. Reduced Support Burden

   The transition to a more flexible and robust platform significantly reduced the support burden on the CIAM team.

4. Simplified Future

   Upgrades: The integration of the Midships Ping/ForgeRock Accelerator simplified the delivery process, making future upgrades more straightforward and less time-consuming.

5. Minimized Disruptions

   Careful planning and execution ensured minimal service disruptions, maintaining continuity for the Bank’s customers and operations.

   
   

These achievements were made possible within the 6-month project timeline, showcasing the effectiveness of the Midships Ping/ForgeRock Accelerator in enabling a swift and efficient transition to the new platform.

Are you interested?

If you would like to learn more, please contact sales@midships.io