Fortune 500 Financial Services Provider

Creating integration and SSO for Salesforce.com with CloudSpan

This US-based Fortune 500 Financial Services provider offers their customers and members annuities, banking, insurance, mutual funds, IRAs as well as other investments and financial planning services. With more than 2.5 million customers and 2,500 financial representatives, one of the key systems that had enabled them to grow their asset base is their Customer Relationship Management (CRM) application. Initially a homegrown system, they quickly realized that while managing customers was core to their business, creating, updating and managing CRM software was not. As an alternative, they turned to Salesforce.com, which provided the right mix of functionality, cost and accessibility they required for their distributed organization. The only drawback was that the system would no longer be on-premise, raising questions around security, integration and compliance.

By the Numbers
>2.5 million customers >$65B US in managed assets >$150B in life insurance >2,500 financial representatives >3,000 corporate employees

The Business Challenge

Financial Services industry regulations are strict with regard to exposing customer data publicly. But Salesforce.com essentially builds and offers its CRM system on a shared infrastructure, meaning that multiple customers data and application resources are hosted on the same computing resources. Moreover, anyone with a credit card can sign up for the service and be granted access to those same resources almost immediately. While Salesforce.com does provide assurances around data privacy and security, our Financial Services provider was unwilling to let sensitive financial information leave their enterprise, raising issues around integration. One of the key areas of contention with CRM centers on adoption. CRM rarely fails to be successfully implemented, but it can fail if salespeople continue to manage accounts in their old, familiar ways rather than taking advantage of the new system. For this reason, our Financial Services provider wanted to retain the core of their homegrown CRM system, which was based around Lotus Notes. Salespeople were already comfortable with scheduling meetings, entering their contact information and generally organizing their day around their desktop implementation of Lotus Notes calendar. Forcing them to move wholesale to Salesforce.com would likely prove counterproductive. Again, issues arise around integration. Finally, in order to better ensure sensitive information remains confidential, the security group at the Financial Services provider has adopted a strict policy of not allowing passwords to leave the organization. This meant that user and machine ids/passwords could not be populated in an external directory, but rather that Salesforce.com would have to call back into the enterprises existing identity and access management infrastructure in order to perform authentication and authorization.

Enter Layer 7
The Financial Services provider had adopted Service Oriented Architecture (SOA) at an early date. Consequently, when they went looking for a solution to their problems, they began their search with the traditional SOA vendors. Layer 7 was the only vendor that could help them address all of their business and technical requirements in a cost-effective manner. The Layer 7 CloudSpan Gateway provided them with a way to safely consume Software as a Service (SaaS) applications like Salesforce.com, delivering not only the end-to-end security they required for their integration solution, but also the monitoring, logging and auditing capabilities they would need to ensure and prove

Financial Services Provider Case Study

compliance with industry regulations. In addition, the ability to mediate between Salesforce.com and their existing enterprise Identity and Access Management (IAM) infrastructure was key to solving the password security issue.

The Solution
When an employee or application attempts to log onto Salesforce.com, a delegated authentication request is sent , authentica from SFDC to the CloudSpan Gateway (CSG) deployed on premise premise: 1. 2. 3. 4. 5. The CSG extracts the user id from the Salesforce.com request The CSG accesses the enterprises directory to get the password associated with the user id The CSG updates the message to contain both user id and password elements The CSG calls out to the enterprises IAM system to authenticate/authorize the user The CSG sends a true or false response (based on whether IAM system permitted/denied access) to rmitted/denied Salesforce.com completing the login

In this way, the Financial Services Provider was able to bi-directionally synchronize each users Lotus Notes l calendar, as well as their mainframe-based customer data with Salesforce.com, while ensuring no passwords left based le the enterprise.

The Results
By ensuring that key functionality and customer data could be retained/accessible from the new CRM system, the ing t Financial Services providers account managers were able to smoothly transition to Salesforce.com, while making Salesforce.com sure their backend system of record is always up to date By extending their existing IAM system to provide both date. Web and Web services single sign-on to Salesforce.com, users now need manage only a single login/password for all systems, improving adoption rates. Finally, a , administrators now have a single place to revoke all userids/passwords, lowering maintenance and administration costs.

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.