Il s'agit d'un texte à l'intérieur d'un bloc div.
Il s'agit d'un texte à l'intérieur d'un bloc div.
WeWeb
Xano
Retool

Comment remplacer Okta par Keycloak et GraphQL avec du low-code.

Application pour les consommateurs
Low-code
USH compte plus de 20 000 utilisateurs internes, dont la gestion sur plusieurs plateformes n’était pas centralisée. Okta aurait été trop coûteux. Découvrez comment nous avons utilisé une combinaison de WeWeb, Keycloak et GraphQL pour gérer ces 20 000 profils d’utilisateurs.

Opportunité

USH is a federation of federations, providing central support services to it's members. They provide SSO infrastructure and IAM for more than 20.000 users. Okta was way too expensive and USH needed to manage in a central way user accounts CRUD, propagate then those users to multiple other applications: CRM, Active Directory, LDAP, Drupal website, JIRA, Microsoft Office licences activation and some other internal applications.

Solution

Keycloak is used as IAM, very easy to integrate with, we built a middleware layer using Apollo GraphQL which provides a single graph endpoint for all users related operations and finally a beautiful WeWeb front-end application was created to provide unified portal to create, update or desactivate users.

Keycloak + GraphQL + WeWeb

Managing over 20,000 users is always a challenge, especially when they are part of hundreds of different organizations and their data is spread across multiple applications. Typically, we often see these issues addressed with a combination of AD and IAM solutions like Okta. However, Okta’s pricing is geared towards enterprises, and having 20,000 users usually implies a very large company with a substantial budget.

GraphQL Query Call

USH, on the other hand, is a non-profit federation providing centralized services for its members, where Okta would be prohibitively expensive. We devised a more elegant solution. User management was based on Keycloak, an open-source IAM. We added a GraphQL layer on top of Keycloak to manage users and their data. GraphQL's resolvers connected to multiple backend APIs where parts of the user data were located: CRM, Drupal, LDAP, and others where actions were necessary upon user creation or archiving, such as granting JIRA access, activating Microsoft Office licenses, and managing newsletter subscriptions.

Finally, we created a front-end using WeWeb. We took advantage of the ease of connecting GraphQL to WeWeb and developed a set of screens to create, update, change emails and attributes of existing users, and archive those who left, disabling them in each application.

Not as easy as it may seem

On paper, it might seem straightforward: write some resolvers with Apollo GraphQL, connect a few APIs, create three to four screens on WeWeb, and voilà. But in reality, it's a highly distributed system that involves orchestration and synchronization of data across ten different applications. A minor change or error can destabilize the entire system. Debugging was a real nightmare; we could spend several hours investigating a small change in a field attribute that crashed the entire workflow of user creation. We urgently needed a solution to avoid spending too much time on the project.

To address this, we first implemented a global logging system using Datadog. We also covered most of the user journeys with automated, end-to-end tests. These measures immediately accelerated the project, and we're now able to run and deploy changes within a few minutes.

Furthermore, we wish to emphasize the importance of effective inter-team communication between the IT department of USH, Keycloak integrators, and managers of different applications. A single JIRA, Slack, and GIT were established, with regular on-site meetings organized to align everyone and prepare for future releases.

API
Performances
Contenu
SEO
Données
Application pour les consommateurs
Ingénierie logicielle
Sur site
Développement mobile
ERP
E-commerce
Recrutement
Cloud
Migration de contenu
IA
Frontend
CMS
Headless
Backend
Low-code
Applications professionnelles
L'IA conversationnelle
Éducation
Médias et édition
Santé
Services financiers
Grandes entreprises
Start-Up

2024 Low-Code Benchmark : Top 50

Nous vous remercions ! Votre demande a bien été reçue !
Oups ! Un problème s'est produit lors de l'envoi du formulaire.

On vous offre 30 minutes de consultation!

Réservez votre appel