SENEC GmbH, a leading German provider of intelligent electricity storage systems and energy solutions, operates a suite of internal and customer-facing services such as SENEC.Cockpit, SENEC.Control, and Mein SENEC.
All of these services had their own authentication and authorization mechanisms. This led to:
- Highly fragmented identity infrastructure with overlapping identity providers and protocols
- Duplicated effort in access control management across applications
- Increased maintenance overhead and operational complexity
- Inconsistent user experience and difficulty in scaling security policies
Unravel designed and implemented a centralized, scalable IAM platform leveraging open-source technologies and modern security practices. The architecture introduced:
- Keycloak was adopted as the central Identity Provider (IdP), replacing siloed authentication solutions.
- Integrated multiple external identity sources, including:
  - MEK IDP (custom enterprise IdP)
  - Azure Active Directory (for Microsoft 365 and internal access)
  - Mein SENEC (for customer logins)
- Enabled OIDC and SAML 2.0 protocols for seamless federation
- Deployed in high-availability mode with session clustering and database failover for resilience
- Supported multi-tenancy and realm-based segregation for different user groups and service boundaries
- OPA was embedded into applications via sidecar and SDK integrations
- Policies were written in Rego, OPA’s declarative policy language
- Enabled centralized policy management with version control and audit logging
- Supported attribute-based access control (ABAC) based on user roles, request context, and resource metadata
- Policy decision points (PDPs) were externalized from application logic, improving maintainability
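As an added illustration (not SENEC's or Unravel's actual policy), the following Rego module shows an ABAC decision that combines the three attribute classes named above: user roles, request context, and resource metadata. The package name, input field names, roles, and sample values are all assumptions made for the example.

```rego
# Added illustration: package name, input fields, roles and values are hypothetical.
package example.authz

import rego.v1

# Default deny: a request is refused unless a rule below allows it.
default allow := false

# User role + resource metadata: customers may read or update only their own systems.
allow if {
    "customer" in input.user.roles
    input.request.method in {"GET", "PUT"}
    input.resource.owner == input.user.id
}

# User role + resource metadata + request context: support staff may read
# systems in their own tenant, and only after an MFA-backed login.
allow if {
    "support" in input.user.roles
    input.request.method == "GET"
    input.resource.tenant == input.user.tenant
    input.request.mfa == true
}

# Constructed sample input used by the tests below.
owner_read := {
    "user": {"id": "u-1", "roles": ["customer"], "tenant": "t-1"},
    "request": {"method": "GET", "mfa": false},
    "resource": {"owner": "u-1", "tenant": "t-1"},
}

test_owner_can_read if {
    allow with input as owner_read
}

test_other_customer_denied if {
    other := json.patch(owner_read, [{"op": "replace", "path": "/resource/owner", "value": "u-2"}])
    not allow with input as other
}

test_support_needs_mfa if {
    no_mfa := {
        "user": {"id": "s-1", "roles": ["support"], "tenant": "t-1"},
        "request": {"method": "GET", "mfa": false},
        "resource": {"owner": "u-1", "tenant": "t-1"},
    }
    with_mfa := json.patch(no_mfa, [{"op": "replace", "path": "/request/mfa", "value": true}])
    not allow with input as no_mfa
    allow with input as with_mfa
}
```

Saved as a `.rego` file, the embedded tests can be run with `opa test` against that file.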
- Prometheus collected metrics from IAM components and custom services (e.g., authentication latency, policy evaluation times, login success rates)
- Integrated Grafana dashboards provided real-time visualizations of:
  - Login trends
  - Failed authentications
  - Policy decision distribution
  - Resource access patterns
- OpsGenie connected to Prometheus AlertManager for real-time alerting on anomalies or outages, enabling faster incident response
SENEC’s new IAM infrastructure delivered:
- Seamless Single Sign-On (SSO) experience across all services, improving UX for both customers and employees
- A unified, scalable IAM architecture reducing operational overhead
- Zero Trust-aligned security with centralized policy enforcement and federated identity management
- Improved visibility and incident response through robust monitoring and alerting
This transformation positioned SENEC to securely scale its service ecosystem while maintaining centralized control over access and security policies.