Majedie Asset Management
Azure External Identities
Azure External Identities
Have a question?
Majedie Asset Management was founded in 2002 and is an independent, employee-owned investment firm. Majedie invests in shares of publicly quoted companies all over the world, across a range of UK, US and Global equity strategies. This is their core focus and this specialism is a key strength. Their clients range from institutions, charities and endowments to wealth advisors and intermediated retail investors.
Part of Majedie's commitment to their clients is to offer online access to a client portal that provides clients with up to date information surrounding the performance of their investments. Majedie's portal is widely utilized by over 1000 users, who log into the portal to track investment progress.
“With TMG reaching end of mainstream support, we turned to Extranet User Manager (EUM) to manage and administer our client users. We had some very specific requirements that went beyond the core product, and the EUM Team was able build those important functionalities and package them as part of a product release.”
Tim Crunden - IT Director, Majedie Asset Management
Majedie has been utilizing SharePoint for internal document management and internal collaboration for over 10 years. External client access was previously provided by Microsoft's Forefront Threat Management Gateway (Forefront TMG), which will reach the end of extended support on April 14, 2020. This alongside some architecture challenges that Majedie wanted to prevent prompted them to begin looking for a solution to replace the existing Forefront TMG setup.
With SharePoint as the desired platform to integrate into, Majedie had a few requirements that had to be met in order for the solution to deploy successfully. First and foremost, Majedie did not want to continue creating client accounts in the internal Active Directory. They wanted to enable external users to self-serve reset their own passwords and they were looking for a simpler administrative user interface for the client service team to setup new user accounts and troubleshoot client issues with the portal.
Majedie connected with the Extranet User Manager team and worked collaboratively to meet Majedie's requirements for external user management. They deployed the Extranet User Manager (EUM) product as an App Service hosted in Microsoft Azure and then setup a trust between the SharePoint farm and EUM as the federated identity provider. Due to rigorous controls over access, Administrators within the client service team at Majedie are responsible for adding new users to the portal through EUM's administration user interface. This provides a much simpler intuitive interface compared to the previous Active Directory. Additionally, EUM enables the client users to manage their own password credentials and in the event they forget their password, they can go through a simple process to reset their password without having to contact the client service team.
After Majedie had completed a series of testing and configuration, they realized that there were 2 functionalities they desired that were not initially built into the EUM product. The team at Extranet User Manager adopts a co-funding model when a client brings forward a functionality that would add value into the overall product. The EUM team will co-fund half of developing the actual feature and then make it available to all existing clients if they choose to upgrade to a more recent release. The first of these was to satisfy a requirement where Majedie needed to ensure that the portal is working correctly when logged in using the client accounts. To satisfy this the EUM team developed an impersonation feature where an admin user can impersonate logging in as a client. The second requirement was the need to enable multi factor authentication (MFA) on a user by user basis. Majedie wanted to implement MFA gradually rather than everyone at the same time. Although EUM supported MFA, it was an all or nothing approach where every user would be required to use MFA or none. The team at Extranet User Manager was able to deliver on both of these functionalities.
The updated client portal with EUM as the identity provider was launched out to Majedie's clients in August of 2019. Since the initial launch, the client service admins have onboarded over 1000 user accounts. EUM provides a very customizable interface for their login so the technical team at Majedie was able to customize this interface so it would be simpler for existing users to login through EUM. With the audit logs generated by EUM, Majedie was able to feed into their analytics solution called QlikView, this gives them a concise summary into activity relative to EUM.
One of the foreseen next steps for Majedie is to integrate EUM with additional WordPress applications that are exclusive to their clients. Because Extranet User Manager supports multiple authentication protocols, it can be configured to provide single sign on into both the WordPress applications and the SharePoint utilizing a single user account.