Swiss insurance company: securing the digital business

This customer is one of the 10 largest private insurance companies in the Swiss market.

To provide customers and partners with innovative, high-level services, our client decided to open their services online. Critical to doing so was the need to ensure data confidentiality and to apply best practices for security.


Handling digital identities from assorted identity providers.
Setting up a federation with IGB2B, an identity provider dedicated to insurance companies.
Facing the heterogeneity of applications and service authentication methods.
Providing users with seamless authentication.

Our solution
Application Security

To face these challenges we suggested using the API gateway from Axway.
This product permitted a loosely coupled approach to authentication. We configured a perimeter security layer in charge of user authentication based on federation with an external IdP. Once the system validates the identity of an external user, our solution converts the external identity token to one of the internal token formats supported by the applications.
This means of identity propagation provides users with seamless authentication and provides compatibility between outside and on-premises authentication mechanisms.



Thanks to its extensive pre-built authentication methods and easy customisation capabilities, the solution makes it much easier to ensure security for heterogeneous applications by combining external authentication methods with ones that are onsite. Among other things, it provides a user (authenticated by an external IdP) with appropriate access to Kerberos-secured services.


We configured this solution following a "hub & spoke IdP" strategy. Acting as an IdP proxy in front of external IdPs, our solution centralises user sessions, avoiding unnecessary re-authentication. The result is a seamless, single sign-on experience for the user, with faster and simpler access to all available resources.


The loosely coupled capabilities enabled a non-intrusive approach to securing the existing customer applications. In fact, segregating perimeter and application authentication facilitates the integration of heterogeneous applications and identity providers whilst minimising code development.


Unlike competitors, the API gateway from Axway is not based on a per-user pricing model. Axway’s pricing model is based on the number of CPUs for both licensing and support. This allows for competitive costs and fine control of the budget in the event of a potential increase in users.


Axway API Gateway is built on a patented processing engine that supports large API deployments in production. This native-code engine processes API delivery tasks at wire speed and can offload many XML and security tasks from the back-end application infrastructure. This requires no proprietary hardware and scales linearly with physical and virtual resources, delivering the same high performance in any form factor.