How Freddie Mac Overhauled Its Workforce Identity and Access Management
The Federal Home Loan Mortgage Corporation, better known as Freddie Mac, is the backbone of the United States housing sector. The government-sponsored public enterprise has provided more than $10 trillion to help more than 67 million homeowners and 11 million renters establish their homes since its inception 50 years ago, fulfilling its mission to provide liquidity, stability and affordability to the U.S. housing market.
Recently, the Freddie Mac identity team determined it was time to modernize their legacy web access management (WAM) infrastructure. The system was nearing end of life and presented numerous security vulnerabilities that weren’t easily remedied. But given the number of resources involved and the 400+ applications that had to be migrated, the switch to a modern identity and access management (IAM) platform would be a massive undertaking.
Why Workforce Identity Transformation?
While the modernization effort was daunting, Freddie Mac’s legacy technology was outdated and ill equipped for their needs moving forward. The team needed specific capabilities that their previous system couldn’t provide.
Leverage Standards Support
The legacy technology Freddie Mac was using didn’t comply with the latest standards, which frustrated developers and application teams. The lack of support for modern authentication protocols like OAuth and OIDC made supporting new investments difficult and in some cases, impossible. That led to frustration from both the enterprise business units and their IT counterparts.
Deliver a Better Employee Experience
Technology limitations were also thwarting Freddie Mac’s efforts to provide global single sign-on (SSO) to their employees. Without this capability, the team was wasting precious hours on tasks like switching between portals and manually resetting passwords. These limitations were also hurting employee productivity, which was felt throughout the organization.
Close Security Gaps
Working through the vulnerabilities exposed during a security audit was the straw that broke the proverbial camel’s back. Freddie Mac tried to work with their previous vendor to remediate the findings, but they were unable to do so. As a public entity, the organization wasn’t willing to accept the level of risk in keeping their legacy infrastructure and decided a change was needed.
How to Undertake IAM Modernization
Updating an identity platform, while the right move for many organizations, isn’t a simple one. Too often teams stay stuck in indecision and continuing to use tools they know are holding them back. Because your identity infrastructure is running all of your applications, including business-critical ones, modernization must be undertaken judiciously. But there is a way to move ahead, and the identity team at Freddie Mac found it in a three-step process, beginning with building internal support for the project.
Build Internal Support
Workforce identity transformation affects the entire organization, changing how applications are onboarded, how access is managed and even how users are provisioned. When proposing a change of this magnitude, you must first build internal support for the change. The identity team at Freddie Mac did this by reaching out to the individual business units in their organization. The team made them aware of the current and potential issues, outlined the plan to mitigate the risks and ultimately got their buy-in to make the switch to a new platform.
Research IAM Vendors
The next step was vetting solutions. Rather than approaching vendors directly, Freddie Mac first wanted to perform their own internal assessment of workforce identity solutions in the market. They leaned heavily on reviews and analyst reports from Gartner and Forrester to get an unbiased overview of the top players.
Conduct a Proof of Concept (POC)
The final step was inviting a selected group of vendors to participate in a proof of concept. A POC levels the playing field by creating a common set of criteria. In Freddie Mac’s case, the team also used the POC to introduce specifics that were unique to their use cases and environment. For example, they had specific authentication and authorization requirements. They also had concerns about support for standards and scalability that needed to be addressed.
What Successful Workforce Identity Transformation Looks Like
The POC led the Freddie Mac identity team to choose a joint workforce identity solution from Ping Identity and Sailpoint. The Ping + Sailpoint solution was chosen for its ability to meet Freddie Mac’s requirements both immediately and moving forward, including providing them with the best support during the migration off of their legacy system. While the technology weighed heavily, their decision ultimately came down to the team that would give them the best chances for success. And succeed they have.
In addition to Ping and Sailpoint, Freddie Mac enlisted the help of Ping implementation partner LikeMinds to supplement their internal capabilities with expert resources in the migration and deployment of identity infrastructure. So far, the combined team has:
- Migrated more than 400 applications
- Deployed SSO for cloud and mobile devices
- Leveraged mandatory multi-factor authentication (MFA) to strengthen security
- Consolidated on a single digital identity for all workforce users
- Enabled business-to-business federation capabilities
- Delivered a better user experience
Want to learn more about migrating from legacy WAM to a modern workforce identity solution? Freddie Mac, who’s also a finalist in the 2020 Identity Excellence Awards for their workforce identity transformation, recently joined Ping, Sailpoint and LikeMinds for a webinar to share their complete story. Watch the webinar replay now.
