Due to the development of its earth observation services, the European Space Agency’s (ESA) legacy identity solution could no longer fulfil its needs. ESA wanted to improve the level of service for external users, enhance federation capabilities and reduce the administrative burden that user management placed on internal staff.
ESA began to look for a cloud-based identity solution that would meet its business identity requirements. That solution also had to integrate with its existing on-premises Identity Governance and Administration (IGA)-based solution for access provisioning and certification. Eventually, ESA found a match in the Thales OneWelcome Identity Platform, with advanced capabilities for online business collaboration.
The external user population that utilises ESA’s earth observation data is diverse by nature. External users can be divided into standard users of the service and external Delegated User Managers, who control access rights within their own organisations. These Delegated User Managers work for very diverse entities (e.g., commercial organisations, universities, research centres, etc.) and have very mixed job profiles. That diversity made an intuitive, easy-to-explain user experience a core criterion for the solution ESA would decide to adopt. Thales was able to deliver on that need with its seamless and secure functionality for delegating user management to external user managers.
On top of this, adjustable branding was important to the space agency, together with the flexibility to support multiple languages and diverse terminology. For example, some of ESA’s key requirements were not just about translation support but also terminology tuning. The flexibility of the Thales B2B solution allowed ESA’s power users to conveniently adjust the naming of UI entities to their standard dictionary (e.g. ‘Entitlement’ rather than ‘Role’), thereby achieving maximum efficiency and a smooth, top-notch user experience.
Within the new ESA identity infrastructure, external users are onboarded as if they were consumers. With Thales, existing users can be onboarded in the new solution through registration with existing data. New users can be invited to register by delegated managers. Social registration and login options are offered with both LinkedIn and Google support.
As a pan-European company, funded by the European Union and liaising with thousands of external users from European companies, universities and research centres, ESA has to fulfil GDPR requirements in a compliant way.
As a result, capabilities regarding user consent were very important for serving ESA’s external users. Consent on documents and processing purposes per attribute is captured as part of the onboarding and is mandatory for the creation of an account. A follow-up consent request might apply in case of ‘terms and conditions’ or ‘policy document’ updates over time (re-consent). Users are able to check their ‘consent ledger’ at any time and have a clear view of what they consented to and when. Finally, users are entitled to request transparency regarding their personally identifiable information that is processed, as well as clarity about the erasure of their data. The powerful, integrated consent management feature Thales offers was able to support this process and facilitate any related consent management needs that ESA was looking to satisfy.
The unique combination of consent management, federation, SSO and social authentication features, along with its flexible, intuitive Delegated User Management, made Thales the ideal solution to help bring ESA’s IAM efforts to the next level.
The European Space Agency (ESA) is Europe’s gateway to space. As such, ESA wants to ensure that its investment in space delivers great benefits. Earth observation satellites are constantly circling the planet, providing valuable data to safeguard it. This earth observation data, for example climate data, is available to more and more international and national agencies.
ESRIN, the ESA subsidiary in Italy, manages the ground segment for ESA and third-party earth observation satellites, coordinating over 20 ground stations and ground segment facilities throughout Europe. They cooperate with another 20 foreign ground segment operators worldwide. In order to share all the available Earth Observation data, ESA developed an ‘Earth Observation Single Sign-On Infrastructure’ (EO-SSO) for business partners, based on a home-grown solution and SAML protocols, interacting with other existing architecture.
© Thales - April 2024