Dongfeng Motor Corporation (DFL) was established on June 9, 2003, through a strategic collaboration between Dongfeng Motor Group and Nissan Motor Co., Ltd. It stands as the pioneering automotive joint venture in China, offering a comprehensive range of passenger cars, light commercial vehicles, automotive components, and equipment. DFL seamlessly integrates automotive design, research and development, procurement, production, sales, after-sales, and mobility services. In addition, it represents Nissan's sole comprehensive collaboration project overseas. With four prominent brands, namely Dongfeng, Nissan, Venucia, and Infiniti, and a registered capital of 16.7 billion RMB, DFL holds a significant position in the Chinese market, committed to delivering diverse automotive products that cater to the diverse needs of consumers.
Account: The internal account management system within the group has a low level of information technology coverage. Users are required to keep track of multiple application URLs and sets of account passwords. Moreover, due to the lack of integration between identity data across different business systems at Dongfeng Automotive, there are instances where organizational and user identity data are not synchronized in certain application systems. Furthermore, in terms of account management, horizontal cross-platform integration is not feasible. Additionally, some AD-based applications can only synchronize accounts and are unable to synchronize user passwords.
Data source:The HR system data source relies primarily on manual data entry, resulting in a limited method of data acquisition. As a consequence, the data synchronization between various systems is not timely or efficient;
Process: The system authentication is decentralized, requiring each system to develop its own authentication module during the construction phase. Additionally, there is a lack of standardized and centralized approval processes across various application systems.
Audit security: There is a risk of weak passwords in a significant number of systems. Each application system conducts independent audits, making it difficult to effectively monitor the usage of accounts. Consequently, there are numerous invalid users (such as empty accounts or zombie accounts) present in various systems.
-Through the implementation of the Paraview unified identity management platform, administrators can efficiently manage user identities and their corresponding application system accounts. This platform offers a user-friendly web-based interface, enabling administrators to configure comprehensive account lifecycle management processes. It facilitates the creation, modification, retrieval, activation, and deactivation of AD/Exchange accounts for Dongfeng Automotive users.
Notably, the platform ensures seamless integration by allowing the synchronization of user password changes from the AD domain or Exchange back to the identity management platform. Moreover, a convenient self-service platform is provided, empowering users to access and update their personal information effortlessly. Users can conveniently modify certain personal details or change their passwords, ensuring a streamlined and user-centric experience.
-Client login interface: Paraview provide a customized UI that aligns with the DFL corporate style, utilizing this UI to customize the unified authentication login portal and Applist page.
-Role-based and group-based authorization: Based on predefined rules, user roles can be defined according to different job positions or hierarchical levels. These roles can then be assigned to users based on their organizational structure, such as departmental groups. Access permissions can be set for roles or groups to control user access to specific resources.
-Application Single Sign-on: Enable seamless single sign-on integration with SEA, Lync, AD domain desktop, as well as equipment and component applications. After successful authentication through the unified authentication system, users can directly access the authorized application systems without the need for multiple login credentials.
-Source data system synchronization: Utilize the API provided by the E-HR system to achieve full and incremental data synchronization of personnel identity information and organizational information.
-Application integration standards: Paraview provide Oauth 2.0 application integration standards for internal enterprise applications. Additionally, Paraview support SAML protocol authentication for integration purposes. For client-server (CS) applications, Paraview offer form-based integration for seamless connectivity.
-Unified SSO password policy: By centrally storing user passwords,Paraview can ensure consistent management of user passwords. Moreover, Paraview enforce a password policy that mandates password updates every 90 days and verifies compliance with requirements for length and complexity. This helps to enhance the security of user accounts and passwords.
-Enhanced MFA Authentication: To ensure the security of platform and user access, Paraview have implemented strong multi-factor authentication (MFA) for external and remote access users and applications. This robust authentication method provides an additional layer of security, helping to protect against unauthorized access. By requiring users to provide multiple forms of verification, such as password and biometric authentication or a unique token, Paraview enhance the overall security posture of our system and ensure a safer user experience.
-AD Domain Desktop Single Sign-On: By integrating IAM (Identity and Access Management) with domain controllers, Paraview enable seamless single sign-on for users within the domain. This integration allows users to access their desktops immediately upon startup, enhancing the overall user experience.
-Unified authentication for internal and external networks: Paraview have implemented Single Sign-On (SSO) to support authentication for external network access. This enhancement provides seamless integration services for applications deployed on the DFL external network. Additionally, enabling HTTPS access ensures the security of the IAM platform, making it more convenient for users to access the platform without having to go through the cumbersome process of connecting through a VPN when accessing the platform remotely.
1、Based on a foundational dataset, four core services are established, which, through a centralized identity management service, create a comprehensive, unified, and authoritative identity data source.
2、Providing standardized authentication and authorization foundational services to applications, comprehensively enhancing security.
3、Enhance data security and achieve interconnectedness in management for improved collaboration.