About Client
This is an internal project that will be widely used within our company. We are Elinext, an international software development company that delivers custom solutions. We are focused on providing the best possible software to our customers, and there are cases when our products are handy for internal use. Elinext Identity Management is one of 20+ software solutions used in everyday activities within our company.
Business Challenge
Elinext is a big international company. Managing people within the company is a fairly difficult task, and it is next to impossible without software dedicated to it.
The company had, of course, used such software for a long time. However, the previous solution had its flaws. For instance, it was based on the IdentityServer architecture, so adding new features to it was a complex task. It only got worse when the IdentityServer4 library moved to a commercial license, so it was decided to dedicate efforts to switching to another library, OpenIddict, and rewriting the application entirely.
So it was decided that Elinext Identity Management would get a new life as a solution that allows managing users, their roles and groups, with the ability to grant authorization to other applications.
Process
Project Development:
Phase 1: December 2023 – January 2024 (2 months), MVP development
- Renew the existing web application
- Refine all the existing modules
Phase 1.1: January 2024 – March 2024 (3 months)
- Logging in using 2FA
- Scope management
- Application management
Phase 2: April 2024 – January 2025 (9 months)
- Group Management
- Custom User Roles per application
- Audit logging
Notes:
- A Kanban-like methodology was used on the project, as it best suits projects with no fixed end date and a rotating team.
- From the technical point of view, many parts of the functionality were new to the team and required deep investigation.
- The development process was kept very flexible to meet the requirements, which often changed because of numerous dependencies and limitations.
Final Product Overview
The web application helps with employee role management and access.
The product supports the OAuth 2.0 specification.
It consists of several modules: Identity, OAuth 2.0, Administration, and External API.
Identity Module
It is part of the system available to all employees.
The main functionality included is login.

The module provides a login page with 2FA, alongside a “forgot password” page, a “lockout” page (for blocked users), and a “manage” page (which gives access to basic information, the password page, 2FA management, login history, and active session histories).
OAuth 2.0 Module
It is part of the system responsible for the authorization of external applications and the issuance of access tokens.

The Authorization endpoint can be used to request tokens/auth codes via the browser.
The Token endpoint can be used to programmatically request tokens.
The UserInfo endpoint can be used to retrieve claims about a user.
The Introspection endpoint can be used to validate reference tokens.
The Discovery endpoint can be used to retrieve metadata about your IdentityServer.
The Revocation endpoint allows revoking access tokens.
The End Session endpoint can be used to trigger single sign-out in the browser.
Administration Module
It is a part of the system that allows managing the main entities of the application.
Users, connected applications, scopes, companies, and groups are the app’s entities that could be managed by admins with the help of this module.

External API Module
It is a part of the system for data retrieval by external applications.
External companies, countries, group members, group roles, groups, roles, and users are managed with this module.
Business Effects for Client
- Increased app performance (leading to more effective role management)
- Absence of bugs
- Better logging, faster error correction
Upcoming Features:
- MFA using FIDO Standard
- Deeper logging
- UI Improvements