Idaptive Enables Single Sign-on Authentication of 30,000 Worldwide Employees at Shiseido

“For employees worldwide, the access to applications — without being aware of the authentication — has greatly improved productivity and utilization of those applications.” Kiminori Kimura, Manager, Digital Innovation Group, Shiseido Company, Limited

Shiseido Company, Ltd. the largest cosmetics firm in Japan, is a global supplier of personal care products including skincare, haircare, cosmetics, and fragrances. Idaptive enables secure access to multiple applications with a single sign-on (SSO) for its worldwide workforce of 30,000 employees.

THE CHALLENGE

To enhance global collaboration and integration, Shiseido plans to move to an entire portfolio of cloud-based applications but needed a single sign-on capability to provide robust user authentication for both Active Directory and external users.

Shiseido has a medium-term management strategy it calls VISION 2020, including a priority goal of strengthening its IT infrastructure to support global internal and external collaboration. The initiative included the transition to cloud-based applications — software-as-a-service (SaaS) solutions — for example, enabling online file sharing and content management services via Box.com.

Shiseido’s legacy environment utilized an on-premise application, accessible via a domestic portal for its Microsoft Windows-based users. The company recognized that it would be impractical for the existing corporate infrastructure to support new cloud applications because it would force users to set up individual IDs and passwords for each application that needed to be accessed.

Worse still, it would significantly increase the security risk with so many different passwords having to be created and memorized. In addition, the company estimated there would be a significant reduction in user productivity associated with managing the numerous log-ins, and an associated increase in IT support and administrative work to keep everything running smoothly.

Leveraging the portal concept, Shiseido’s plan called for implementing an Infrastructure-as-a-Service (IaaS) environment but to be successful, there was an urgent need for an authentication infrastructure that could enable single sign-on access to cloud-based applications via a globally available portal.

THE SOLUTION

Idaptive met all of Shiseido’s stringent criteria, consequently, it was deployed as the keystone of the company’s new global authentication infrastructure.

Shiseido formed an evaluation team for the selection of an authentication solution and it was tasked with examining four vendors’ offerings, which included Idaptive. The selection criteria and capabilities included:

• SSO access to cloud applications as well as on-premise applications — such as Microsoft SharePoint — using the SAML protocol.
• Supporting the authentication of Japan-based users via credential information held in Active Directory.
• Enabling verification of non-Japan-based users outside of Active Directory.
• Facilitating future multiple Active Directories, without the need for domain integration.
• Having a user interface that offered local languages including Japanese, and administrator screens with similar multi-lingual capabilities.
• Supporting automatic authentication connections between Microsoft Internet Information Services, Internet Explorer, and other Active Directory-aware applications.
• Avoiding replication to the cloud of information held in Active Directory.
• Laying the foundation for Identity-as-a-Service capabilities in Japan, and functioning as the hub for the provision of SSO.

When evaluated against all of the criteria, Idaptive scored the highest — in part because of its App Gateway feature that enables single sign-on to cloud applications without the need for a virtual private network (VPN) connection. Consequently, Shiseido deployed the Idaptive solution as the keystone of its global authentication infrastructure. Idaptive was integrated with Active Directory in Japan and worldwide employees outside of the directory were enabled to leverage SSO via App Gateway.

THE RESULTS

Leveraging SSO via Idaptive, users are enjoying greater productivity and higher job satisfaction. Administrators are spending less time keeping user access current, which has increased security.

Immediately after Idaptive was implemented, users began enjoying the convenience and time-savings of single sign-on. For global employees as well as Japan-based users listed in the Active Directory there was no longer any need for separate credentials for cloud-based applications; greatly improving productivity and user satisfaction.

Idaptive has simplified the administration of creating new users, retiring departed users, handling those on a leave of absence, etc. — as well as managing their access to the suite of user applications. In addition, it has been accomplished without the need to copy the Active Directory information into the cloud. Based on the speed at which users’ access can be updated, Shiseido has benefitted from both a reduction in administrative man-hours and an increase in security.

Having an SSO solution that bridges the Active Directory implementation in Japan and all of the worldwide employees beyond it — and that enables user access to a portfolio of cloud-based applications — has allowed Shiseido to progress the strengthening of its IT infrastructure in support of its goal of greater global collaboration.

ABOUT CYBERARK

CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — including more than 50% of the Fortune 500 — to protect their highest-value information assets, infrastructure and applications.