Make sure it's turned on so that pingidentity.com can work properly.
DB Schenker | Ping Identity Customer Success Story
Implemented centralized IAM for over 300,000 employee, contractor, partner, and customer identities.
Strengthened two-step authentication with FIDO2-enabled risk-based authentication.
Migrated 50 applications to new authentication service seamlessly thanks to standards support.
Delivered integrations to centralized identity service in 30 minutes or less.
DB Schenker Innovates by Consolidating Workforce & Customer Identity Management
DB Schenker is a global logistics leader and partner to large organizations who rely on them for on-time delivery and stable, secure services. Competing against better-known competitors, DB Schenker is committed to differentiating themselves by providing land transport, worldwide air, and ocean freight solutions that challenge the status quo.
DB Schenker’s culture of innovation extends throughout their organization, including identity management. After identifying the need for a more secure and modern authentication service, they saw a bigger opportunity to undertake a digital transformation initiative and provide better, more streamlined access to resources and information for both their workforce users and customers.
The DB Schenker team, led by their head of identity management, James Naughton, sought to extend their existing identity and access management (IAM) infrastructure to secure employee access and take advantage of the cloud. Schenker needed support for modern web-based authentication protocols like SAML and OpenID Connect and multi-factor authentication (MFA). Additionally, their new solution needed to support additional web-based authentication and authorization protocols, including SCIM and RADIUS.
Seeking to maintain a “Schenkerized” solution that maintained continuity in look and feel, James and the team defined a rather unique requirement: they wanted to centralize on a single identity management service for all users, encompassing employees, contractors, partners, and customers. This required a flexible and customizable solution that would support unique configurations of the user interface and flow for each type of user.
The DB Schenker team also needed to overcome challenges posed by the coexistence of a central authentication service alongside an Azure AD solution for employee Microsoft access. They wanted to eventually provide MFA to every employee without negatively impacting their experience or the usability of either service. Rounding out their new solution requirements was the need for stability, as well as deployability to their Kubernetes cluster to enable scalability based on demand.
James and the team asked iC Consult, their IAM consultant and systems integrator, to conduct a proof of concept. They ultimately selected Ping Identity to provide the authentication and authorization capabilities needed to deliver a consolidated and centralized identity management service. With the help of iC Consult’s developers, the DB Schenker team started the roll-out of their new Ping solution alongside their existing authentication service. Then they started to migrate integrated services to Ping.
The first stage of implementation included delivering the platform, including simple authentication and a minimum viable product for customer MFA. This first iteration included a Schenkerized user interface for authentication and full integration into DB Schenker’s existing identity management infrastructure. They also delivered a complete suite of verification options for all users, including the PingID mobile and desktop apps, and mobile SDK, as well as SMS.
The DB Schenker team next extended the solution by adding their first risk-based authentication policies based on the type of user and the application they’re attempting to access. This allowed them to streamline access by minimizing friction for low-risk access requests, while also paving the way for future passwordless authentication.
In the past, we needed to invest significant time and resources to develop integrations. But now we simply configure the system and can deliver technically complete integrations in 30 minutes, a decrease in effort of 75%.
Head of the Schenker Identity Management Service
Armed with a true federation platform, the DB Schenker identity team is able to centrally manage critical security policies and control access and authentication to their applications. The addition of risk-based MFA allows them to provide an even higher level of security for access to our IT landscape, creating peace of mind for both the team and their customers. They’ve also reduced integration time to 30 minutes, a 75% improvement over their previous workflow.
Like many in similar positions, the DB Schenker team must prove the value of identity management to their leadership. The work-from-home orders imposed during COVID-19 gave them an opportunity to shine. A short time to market was required to ensure uninterrupted business services to their customers. The team was able to quickly take their existing authentication service and extend it to provide RADIUS authentication. This, in turn, gave them increased VPN capacity to ensure their employees had reliable and secure remote access.
As the team looks ahead, they’ll continue to seek ways to innovate and push the boundaries of identity. Their current initiatives include progressing toward passwordless authentication and continually improving the system to support workforce productivity.
More About DB Schenker
DB Schenker is one of the world's leading global logistics providers. With 2,100 locations and more than 76,900 employees across the world, DB Schenker supports the global exchange of goods through land transport, worldwide air and ocean freight, contract logistics, and supply chain management.
iC Consult Group and its companies - iC Consult, xdi360, IAM Worx, and Service Layers - specialize in Identity and Access Management (IAM). The services we provide include IAM Business and Process Consulting, Architecture and Design, Implementation and Integration, Managed Services, and our Identity as a Service offering: Service Layers.