TrustBuilder helps drive digital transformation at Allianz Benelux
The insurance industry is considered a stable market, but digital transformation is striking in this industry too. Digitization changes the relationship between insurance companies and their brokers, on the one hand, and is urging more direct communication with their end customers on the other. A stable Identity and Access Management (IAM) strategy is key in building trust between all the parties involved. That’s why Allianz Benelux turned to TrustBuilder Identity Hub as the cornerstone in solving its IAM challenges.
The Information Security team at Allianz Benelux knew it had to find a solution when Microsoft announced it would stop developing its Threat Management Gateway (TMG) product and would end support for it in April 2020.
Brokers want SSO and Federated Authentication
As Allianz Benelux works with a network of independent brokers, the company had to offer multiple authentication methods to its customers. Many brokers use the Portima network that was developed specifically for the Belgian insurance market, and brokers do not want a separate authentication method for every different insurance company they work with. “Brokers want their employees to log on once in the morning and then be able to connect to all applications at our different partners. Single Sign-On and Federated Authentication are prerequisites for brokers in working with us,” says Philippe Mermuys, Information Security Officer at Allianz Benelux.
At the same time, Allianz is also building new relationships with its customers. Insurers working with brokers traditionally have little or no interaction with the actual person taking out the insurance with the exception, for instance, of a yearly status report on a life insurance or group insurance policy. Digitization is changing that. That’s why the marketing department was closely involved in building the business case: Marketing wants to enable customers to perform self-onboarding online rather than filling out the traditional paper sign-up forms. This will prove very valuable if Allianz decides to adopt a B2C strategy.
Strong authentication of choice
Allowing consumers onto the Allianz applications requires strong authentication, either with a Token or another authentication method. “Tokens are too expensive to distribute to every customer. For one thing, a customer may only log in once or twice a year.” For its end customers too, Allianz wanted to offer the possibility to log in using a strong authentication method of choice, such as itsme, eHerkenning, or simply a One Time Password SMS (OTP-SMS). “Every authentication method has its advantages and disadvantages. Itsme for instance is heavily pushed by the Belgian government, but only 1.5 million Belgians use itsme. That necessitates offering other authentication methods. One of our conditions is that User Access Management needs to be as light as possible for the consumers.”
Contrary to many local insurers who also act as banks, Allianz Benelux did not have the experience that banks have in offering customers access to their information and does not have an installed base of authentication devices.
TrustBuilder Identity Hub as an orchestrator
After a market scan, Allianz Benelux decided to work with TrustBuilder and its TrustBuilder Identity Hub. “We needed to work with a company that had a feeling for the specifics of the Benelux market and support for local identity providers such as itsme in Belgium and Luxembourg or eHerkenning in the Netherlands,” said Mermuys. “We also know that TrustBuilder works with other companies such as Portima, Unified Post or OneSpan/Vasco and has a proven track record for integrating itsme.”
The Proof of Concept that Allianz Benelux set up with TrustBuilder in 2017 confirmed all the good impressions that Allianz had. “We were also successful in convincing the global IT department of Allianz of the fact that we needed a separate solution to address the specifics of the Benelux market.
TrustBuilder Identity Hub now integrates and orchestrates all these different authentication methods. TrustBuilder offers the right authentication method for each different role (employee, broker or end-user) and gives them access to the applications they are entitled to, with SSO between the applications. TrustBuilder lays the foundation for these different authentication methods, so that new applications can be easily added using the same security policies that are in place. If new authentication methods are required in the future, they only need to be implemented once on TrustBuilder to make them available to all applications.
For the brokers, TrustBuilder also supports a federated authentication method, thus allowing the broker to re-use his Portima or even his company credentials to authenticate. What’s more, TrustBuilder helps Allianz to be ready for the future, allowing new ecosystems for the insurance market, for instance connecting their users with 3rd parties such as car mechanics, plumbers, …
Path for growth
In all, Allianz needed to migrate some 40 applications from TMG towards TrustBuilder Identity Hub. “We experienced a number of challenges. While the Proof of Concept (POC) was tested in a cloud environment, we wanted the final solution to run on-premise. This was not easy, as we use two datacenters in Europe, with redundancy and load balancing between them.
Allianz Benelux migrated the applications one by one, kicking off with the applications for Life Insurance. Other applications are migrated gradually. In all, on the side of the brokers, some 15,000 people have access through TrustBuilder Identity Hub, and once customers start getting access too, the number of users will continue to grow. “With our current implementation and the two software appliances installed, this will not make us run into trouble,” said Mermuys.
In time the integration will also be made with ABS – the Allianz Business System that bundles all core systems together in one package – and will offer an alternative to the current mainframe system.
- Brokers can log into the Allianz applications using their authentication method of choice. Thanks to Single Sign-On, brokers’ employees need only log in once to get access to all applications.
- End customers of Allianz can check documents online. Using an authentication method of choice, customers log into their own portal where they can consult, print or download their information.
- Allianz Benelux employees get SSO access to all applications in the company.
- The open solution of TrustBuilder allows Allianz to create tech-ecosystems with third parties.
Allianz Benelux is a major player in the market of insurances and financial services. Allianz offers a wide range of products and services in Life and Non-Life Insurances for individuals, SMEs and enterprises. These products and services are offered through a network of independent brokers. Allianz Benelux has over 2 million customers and 2,000 employees and is a part of the Allianz Group – one of the leading integrated financial services providers worldwide.