TUNING & REFACTORING:
Value-added B2B service provider in the energy sector
01
The context:
The customer is struggling to scale DevSecOps teams due to the traditional management of RBAC.
02
Problem solving approach:
Implement generic IAM roles that are agnostic to the environments and scope of team members, dynamically assign roles and permissions, and implement audit, rotation and revocation in the management of secrets.
03
Result:
Converge and centralise identity, authentication and authorisation management with a single ID provider.
Reduce access management overhead.
Dynamic provisioning of user accounts and groups, which now have access to different tools depending on what they need to do on a daily basis.
Access monitoring.
04
Technical stack used:
Azure (AD, IAM, Subscription, VPC, Resource Groups, App Registrations, LDAP, Azure Automation Accounts, Azure Key Vault secrets, Azure Key Vault certificates), Terraform, Vault, GPG, SOPS (Secrets Operations), SOCKS Proxy, OAuth2/OIDC, LDAP.