SENEC GmbH, a leading German provider of intelligent electricity storage systems and energy solutions, operates a suite of internal and customer-facing services such as SENEC.Cockpit, SENEC.Control, and Mein SENEC.

All of these services had their own authentication and authorization mechanisms. This led to:

• Highly fragmented identity infrastructure with overlapping identity providers and protocols

• Duplicated effort in access control management across applications

• Increased maintenance overhead and operational complexity

• Inconsistent user experience and difficulty in scaling security policies

Our Solution

Unravel designed and implemented a centralized, scalable IAM platform leveraging open-source technologies and modern security practices. The architecture introduced:

Centralized Authentication with Keycloak

• Keycloak was adopted as the central Identity Provider (IdP), replacing siloed authentication solutions.

• Integrated multiple external identity sources, including:

  • MEK IDP (custom enterprise IdP)

  • Azure Active Directory (for Microsoft 365 and internal access)

  • Mein SENEC (for customer logins)

• Enabled OIDC and SAML 2.0 protocols for seamless federation

• Deployed in high-availability mode with session clustering and database failover for resilience

• Supported multi-tenancy and realm-based segregation for different user groups and service boundaries

Open Policy Agent (OPA) Authorization

• OPA was embedded into applications via sidecar and SDK integrations

• Policies were written in Rego, OPA’s declarative policy language

• Enabled centralized policy management with version control and audit logging

• Supported attribute-based access control (ABAC) based on user roles, request context, and resource metadata

• Policy decision points (PDPs) externalized from application logic, improving maintainability

Monitoring & Observability

• Prometheus collected metrics from IAM components and custom services (e.g., authentication latency, policy evaluation times, login success rates)

• Integrated Grafana dashboards provided real-time visualizations of:

  • Login trends

  • Failed authentications

  • Policy decision distribution

  • Resource access patterns

• OpsGenie connected to Prometheus AlertManager for real-time alerting on anomalies or outages, enabling faster incident response

The Outcome

SENEC’s new IAM infrastructure delivered:

• Seamless Single Sign-On (SSO) experience across all services, improving UX for both customers and employees

• A unified, scalable IAM architecture reducing operational overhead

• Zero Trust-aligned security with centralized policy enforcement and federated identity management

• Improved visibility and incident response through robust monitoring and alerting

This transformation positioned SENEC to securely scale its service ecosystem while maintaining centralised control over access and security policies.