SENEC GmbH, a leading German provider of intelligent electricity storage systems and energy solutions, operates a suite of internal and customer-facing services such as SENEC.Cockpit, SENEC.Control, and Mein SENEC.

All of these services had their own authentication and authorization mechanisms. This led to:

• Highly fragmented identity infrastructure with overlapping identity providers and protocols
• Duplicated effort in access control management across applications
• Increased maintenance overhead and operational complexity
• Inconsistent user experience and difficulty in scaling security policies

Our Solution

Unravel designed and implemented a centralized, scalable IAM platform leveraging open-source technologies and modern security practices. The architecture introduced:

Centralized Authentication with Keycloak

• Keycloak was adopted as the central Identity Provider (IdP), replacing siloed authentication solutions.
• Integrated multiple external identity sources, including:
  • MEK IDP (custom enterprise IdP)
  • Azure Active Directory (for Microsoft 365 and internal access)
  • Mein SENEC (for customer logins)
• Enabled OIDC and SAML 2.0 protocols for seamless federation
• Deployed in high-availability mode with session clustering and database failover for resilience
• Supported multi-tenancy and realm-based segregation for different user groups and service boundaries

Open Policy Agent (OPA) Authorization

• OPA was embedded into applications via sidecar and SDK integrations
• Policies were written in Rego, OPA’s declarative policy language
• Enabled centralized policy management with version control and audit logging
• Supported attribute-based access control (ABAC) based on user roles, request context, and resource metadata
• Policy decision points (PDPs) externalized from application logic, improving maintainability

Monitoring & Observability

• Prometheus collected metrics from IAM components and custom services (e.g., authentication latency, policy evaluation times, login success rates)
• Integrated Grafana dashboards provided real-time visualizations of:
  • Login trends
  • Failed authentications
  • Policy decision distribution
  • Resource access patterns
• OpsGenie connected to Prometheus AlertManager for real-time alerting on anomalies or outages, enabling faster incident response

The Outcome

SENEC’s new IAM infrastructure delivered:

• Seamless Single Sign-On (SSO) experience across all services, improving UX for both customers and employees
• A unified, scalable IAM architecture reducing operational overhead
• Zero Trust-aligned security with centralized policy enforcement and federated identity management
• Improved visibility and incident response through robust monitoring and alerting

This transformation positioned SENEC to securely scale its service ecosystem while maintaining centralized control over access and security policies.