Case Study

TrustBuilder powers digital transformation of HR services at SD Worx

The HR services market has undergone a deep digital transformation. From sending paper pay slips by ground mail just a decade ago, interaction with customers and customers employees has gone digital. A solid Identity and Access Management (IAM) system is needed to steer this digital transformation. In the case of Belgian market leader SD Worx, TrustBuilder Identity Hub is the engine that secures all interactions.

“SD Worx is a European frontrunner when it comes to digitizing HR services,” says Wim Adam, Web System Engineer at the Antwerp-based HR services company. “As a big player, we are at the forefront of new developments.” He has witnessed the evolution from paper to digital interactions, first with classic websites, later through mobile apps and the use of APIs for application that exchange information among them. A system that guards access to all sources is key in making this digital transformation successful, especially with the latest trend where SD Worx even offers access to an ecosystem of applications that belong to third parties.

 
Wim Adam
“The flexibility of TrustBuilder Identity Hub is a major bonus for us. It supports not only standard protocols, but proprietary protocols too. That is rare in other tools, which are sometimes SAML-only, and allow no editing. We can authenticate all our applications, even the legacy ones.”

– Wim Adam, Web System Engineer at SD Worx.

SD Worx logo

TrustBuilder as identity proxy

“We use TrustBuilder Identity Hub as an identity proxy,” said Adam. “It takes in an identity from any source and transforms it into another standard protocol or even a custom-made, proprietary protocol. This flexibility, translating from one protocol to another, is something you rarely see in other solutions. It is a huge advantage for us.” Over the years, SD Worx has grown by acquisitions in Belgium and the rest of Europe. In different countries, it uses different portals and different applications. “Our main aim is to set up an authentication component that can authenticate all types of applications from every country. We use TrustBuilder Identity Hub as an international single authentication platform to let customers start up any SD Worx application, using advanced features such as Single Sign-on (SSO), Multi Factor Authentication (MFA), etc.

Seamless, transparent log-in

The use of SSO and Federated Authentication is definitely on the rise at SD Worx: “Customers want their employees to log on seamlessly,” said Adam. “If employees are logged into the systems of their employer, they should automatically be authorized for our applications too.” Where people do not use SSO, they authenticate with username and password, plus two-factor authentication (2FA), where customers get a choice of digipass, a one-time password through SMS (OTP SMS) or Google Authenticator/Microsoft Authenticator. “We have a preference for these mobile authenticators, but not every company hands out smartphones to all personnel members,” Adam remarked.

TrustBuilder Identity Hub is completely transparent to users. “TrustBuilder allows us to build branding pages, so the entire system has an SD Worx look and feel. For the user, authentication is part of our portal.”

Scalability to support growth

In all, TrustBuilder authenticates users for close to 300 applications. “This ranges from just consulting pay slips to requesting vacation or even evaluating applicants.” TrustBuilder Identity Hub is used by some 4,000 SD Worx employees (who log in in the same way as external customers do) and over a million users at SD Worx customers. “In the coming years, we will migrate more of our international customers to the same platform.” Of course, they don’t all authenticate at the same moment, but there are definite peaks in traffic, explains Serge Van Kampen, Product Owner at SD Worx: “Every month there is a peak when the HR department calculates the wages, followed by customers’ employees consulting their pay slips. And there is a huge yearly peak when calculations for taxes are made and all employees want to view their tax statement.”

TrustBuilder as preferred IAM vendor

SD Worx regularly evaluates the IAM market, but TrustBuilder Identity Hub remains the preferred IAM solution, for many reasons. “Its flexibility is a major bonus for us,” said Adam. “TrustBuilder Identity Hub acts as an identity proxy for us, translating an identity from any protocol to any other protocol. Not only standard protocols, but proprietary protocols too. That is rare in other tools, which are sometimes SAML-only, and allow no editing. We can authenticate all our applications, even the legacy ones.” SD Worx appreciates the fact that exotic protocols can be configured by their own team, while often used or standard protocols are easy to implement thanks to the Graphical User Interface (GUI). 

“Whenever we ask TrustBuilder ‘can TrustBuilder Identity Hub support this?’ – we have never gotten no for an answer. That is most impressive, along with the fact that TrustBuilder does not force you to have all users in its own identity store. Some vendors obligate you to perform a user conversion. Our users reside in four different user stores and TrustBuilder can perfectly handle that.” – Wim Adam, Web System Engineer at SD Worx.

Flexibility and open communication

SD Worx also praises the flexibility of the company and its staff and the open communication. “Our internal TrustBuilder specialists do all the basic configurations and troubleshooting. For more complex customization or for large projects, we call on TrustBuilder. They are always ready for us” said Van Kampen. And whenever problems occur – software will be software – TrustBuilder is quick to help fix those issues.

“TrustBuilder also listens to our requests and builds new features into its roadmap and products. Seeing our requests appear in new versions of a product is remarkable. This allows us to stay ahead of the pack and differentiates us from our competitors who work with IAM vendors”. Adam cites OpenID Connect as an example. “TrustBuilder already supported OpenID Connect, but we requested specific features such as hybrid flow. TrustBuilder accommodated our requests. The product team saw the added value and went for it.”

Future forward

Digital transformation is a journey that never ends, and IAM keeps evolving at SD Worx. Adam and Van Kampen see two main trends: passwordless authentication and ecosystems. “Passwordless is really the future,” said Adam. “We want to make things as easy as possible for the users. One of the latest things we implemented with TrustBuilder was online support for fingerprint and PIN. TrustBuilder can recognize a device that has previously authenticated using 2FA and allows fingerprint or PIN to open the app again.”

Challenges

  • SD Worx was looking for an IAM solution that can authenticate all types of HR applications.
  • SD Worx wanted to let its users authenticate seamlessly using any authentication method.
  • SD Worx required a solution that supported both standard protocols and proprietary protocols.

Results

  • TrustBuilder ID Hub allows users to authenticate using Federated Authentication and Single Sign-On. TrustBuilder also supports 2-factor Authentication, one-time password, mobile authentication and fingerprint.
  • TrustBuilder ID Hub acts as an identity proxy, taking in an identity from any source and transforming it into another standard or proprietary protocol.
  • TrustBuilder ID Hub allows SD Worx to build branding pages, so the entire system has an SD Worx look and feel, creating transparency for its customers.

About SD Worx

SD Worx delivers a full range of quality services in the areas of payroll, HR and Tax & Legal. Active in ten countries, SD Worx is the number 2 in HR services in Europe and is in the top 5 worldwide. Its customer base includes more than 65,000 large and small organizations that are active in a range of industries. In 2019, SD Worx increased its revenue to €768 million.
SD Worx logo