Givaudan: corporate access management solution

Givaudan is a Swiss manufacturer of flavours, fragrances and active cosmetic ingredients. As of 2008, it is the world’s largest company in its industry.

Givaudan sought to ensure that access to on-site and cloud applications was fully secure. In addition, the project had to include managing access to these applications through a central component and also provide different security levels based on resource criticality.


Securing heterogeneous applications.
Setting up a central configuration repository for application access management.
Supporting social networking and third-party identity federations.
Unique and standard strong authentication mechanism for users.

Our solution
Application Security

We built an access management solution based on ForgeRock OpenAM as the central point of configuration for application access management. Acting as the global Identity Provider (IdP), this solution validates users' credentials against Givaudan's identity store, authorises access to applications and centralises user sessions, avoiding unnecessary re-authentication.
To secure the first services leveraging Google Apps, we configured a circle of trust between ForgeRock OpenAM as the IdP and Google Apps as a Service Provider. We also secured critical resources with strong authentication, using Google Authenticator for one-time passwords. Finally, for applications with non-standard authentication mechanisms, we deployed OpenAM agents in front of them so that the applications themselves did not have to be modified.



By setting up a central point of configuration for application access management, we simplified the administration and reduced operational costs for Givaudan's administrators.


Thanks to the large set of features provided out of the box, Givaudan's IT developers quickly became autonomous in on-boarding new applications. As most of the features are exposed as REST APIs, the integration with applications – such as portals – is also simpler. An example of this would be requesting a token for a user through a simple REST call.


As the single point of configuration, ForgeRock OpenAM provides a centralised view of an application's access management, thus reducing the risk of a security breach that access control management dispersed across individual applications might incur.


Having successfully given their employees seamless authentication to applications, Givaudan is now deploying the solution to an external population, including partners and customers. The goal is to give access to some of their applications over the Internet and thereby increase productivity through a web portal.


For specific applications, such as those not ready for standard federation protocols, the solution's core product comes with agents that sit in front of the customer applications. These agents handle authentication, avoiding specific developments on the existing applications.