SENEC GmbH, a leading German provider of intelligent electricity storage systems and energy solutions, operates a suite of internal and customer-facing services such as SENEC.Cockpit, SENEC.Control, and Mein SENEC.
All of these services had their own authentication and authorization mechanisms. This led to:
- Highly fragmented identity infrastructure with overlapping identity providers and protocols
- Duplicated effort in access control management across applications
- Increased maintenance overhead and operational complexity
- Inconsistent user experience and difficulty in scaling security policies
Our Solution
Unravel designed and implemented a centralized, scalable IAM platform leveraging open-source technologies and modern security practices. The architecture introduced:
Centralized Authentication with Keycloak
- Keycloak was adopted as the central Identity Provider (IdP), replacing siloed authentication solutions.
- Integrated multiple external identity sources, including:
  - MEK IDP (custom enterprise IdP)
  - Azure Active Directory (for Microsoft 365 and internal access)
  - Mein SENEC (for customer logins)
- Enabled OIDC and SAML 2.0 protocols for seamless federation
- Deployed in high-availability mode with session clustering and database failover for resilience
- Supported multi-tenancy and realm-based segregation for different user groups and service boundaries
Open Policy Agent (OPA) Authorization
- OPA was embedded into applications via sidecar and SDK integrations
- Policies were written in Rego, OPA’s declarative policy language
- Enabled centralized policy management with version control and audit logging
- Supported attribute-based access control (ABAC) based on user roles, request context, and resource metadata
- Policy decision points (PDPs) externalized from application logic, improving maintainability
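As an added example (not SENEC's or Unravel's own policy), the following Rego module shows the kind of ABAC policy the list above describes: user roles as Keycloak would carry them in token claims, request context, and resource metadata are combined into one decision that lives outside the application. The package name, the shape of the `input` document, the role names and the tenant/owner attributes are all assumptions; in the sidecar or SDK setup the application would map the validated Keycloak token and the request into this `input` before asking OPA. The `reasons` set exists so that every deny is explainable in OPA's decision log, which is what makes the audit logging mentioned above useful.

```rego
package senec.authz

import rego.v1

# Deny by default: only the rules below can grant access.
default allow := false

# Helper rules over the (assumed) input document:
#   input.user     - derived from the Keycloak token (id, roles, tenant)
#   input.request  - request context (HTTP method, network source)
#   input.resource - metadata of the object being accessed (owner, tenant)
is_admin if "admin" in input.user.roles
is_customer if "customer" in input.user.roles
is_support if "support" in input.user.roles

same_tenant if input.user.tenant == input.resource.tenant
is_read if input.request.method == "GET"

# Administrators may act on any resource inside their own tenant.
allow if {
    is_admin
    same_tenant
}

# Customers may read data of the storage systems they own.
allow if {
    is_read
    is_customer
    input.resource.owner == input.user.id
}

# Support staff may read anything in their tenant, but only when the
# request context says it came from the internal network.
allow if {
    is_read
    is_support
    same_tenant
    input.request.source == "internal"
}

# Human-readable deny reasons for the decision log.
reasons contains "tenant mismatch" if not same_tenant

reasons contains "write requires admin role" if {
    not is_read
    not is_admin
}

reasons contains "customer may only access own resources" if {
    is_customer
    input.resource.owner != input.user.id
}

# The object a policy-enabled service would query: data.senec.authz.decision
decision := {"allow": allow, "reasons": reasons}

# Unit tests (run with `opa test`); constructed sample inputs.
test_customer_reads_own_system if {
    allow with input as {
        "user": {"id": "cust-42", "roles": ["customer"], "tenant": "customers"},
        "request": {"method": "GET", "source": "internet"},
        "resource": {"owner": "cust-42", "tenant": "customers"}
    }
}

test_customer_cannot_modify_other_system if {
    not allow with input as {
        "user": {"id": "cust-42", "roles": ["customer"], "tenant": "customers"},
        "request": {"method": "POST", "source": "internet"},
        "resource": {"owner": "cust-7", "tenant": "customers"}
    }
}

test_support_read_blocked_from_internet if {
    not allow with input as {
        "user": {"id": "emp-3", "roles": ["support"], "tenant": "employees"},
        "request": {"method": "GET", "source": "internet"},
        "resource": {"owner": "cust-7", "tenant": "employees"}
    }
}
```

Run `opa test .` in the directory holding this file to execute the three tests; in a real repository the `test_` rules would sit in a separate `authz_test.rego` beside the policy, and the policy bundle would be versioned and shipped to the sidecars from that repository. The module uses `import rego.v1`, which requires OPA 0.59 or newer.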
Monitoring & Observability
- Prometheus collected metrics from IAM components and custom services (e.g., authentication latency, policy evaluation times, login success rates)
- Integrated Grafana dashboards provided real-time visualizations of:
  - Login trends
  - Failed authentications
  - Policy decision distribution
  - Resource access patterns
- OpsGenie connected to Prometheus AlertManager for real-time alerting on anomalies or outages, enabling faster incident response
The Outcome
SENEC’s new IAM infrastructure delivered:
- Seamless Single Sign-On (SSO) experience across all services, improving UX for both customers and employees
- A unified, scalable IAM architecture reducing operational overhead
- Zero Trust-aligned security with centralized policy enforcement and federated identity management
- Improved visibility and incident response through robust monitoring and alerting
This transformation positioned SENEC to securely scale its service ecosystem while maintaining centralized control over access and security policies.