Becoming GDPR compliant is easy if you use the right tools!

One password, no more continuous password resets
Fast and easy user account management
Easier content management

Reduce risks of data breaches caused by poor password habits

Use your own password policy, to comply with security standards

Cut down new application development costs (as you can reuse the user management features provided by UMM “out-of-the-box”)

Optimize maintenance costs through setting up one centrally managed and comprehensive solution

Reduce software license costs through using open-source building blocks

Speed up integration of new applications and roll them out easily to different markets

Organizations operating in the pharmaceutical sector should realize the importance of using CIAM (Customer and Identity Access Management) solutions. These can support successfully crafting and implementing a digital strategy and help improve relationships with customers. Ongoing business changes usually require implementing a digital strategy tailored to actual needs.


UMM achieves high availability by installing redundant instances of each component in separate availability zones. The failure of a single server or a single database will not affect the availability of the whole solution.


UMM is prepared for unexpected problems. If a main component such as the Widget Server, the Common Business API or the database fails, the solution provides tools and instructions for easy reinstallation and recovery of the components.


UMM was created with one of the best solution providers on the market, Amazon Web Services. UMM is monitored with a specialized tool that tracks anomalies ranging from CPU and memory usage to front-end automation test responses.



Vertical scaling improves database performance within several minutes. Each provided software component is prepared to use extra hardware resources such as memory or CPU. Amazon Web Services provides an administration console for migrating to more powerful servers.


Horizontal scaling mitigates the effect of a temporary increase in load time caused by unusual user activity or marketing campaigns. The Amazon Web Services EC2 administration tool allows hardware instances to be duplicated in several minutes.



Service-Oriented Architecture allows a set of services to be available for users by integrating systems from end to end. UMM is adaptable to changes in business requirements and ensures easy addition of new services.


Event-Driven Architecture focuses on events, defined as "a significant change in state". This architecture provides improved communication within a cluster of services concerning the states of user and organization profiles.



OAuth 2.0 is an open standard for access delegation. This authorization framework allows users to grant applications access on other websites without sharing their passwords. It is designed to work with the Hypertext Transfer Protocol (HTTP) and allows access tokens to be issued to third-party clients.


Secured communication will be provided with:

  • Hypertext Transfer Protocol Secure (HTTPS), a standard web transfer protocol which encrypts communication and secures connections with web applications.
  • Single-Sign On, an authentication process allowing users to access multiple applications with one set of login credentials. Using SSO improves compliance and provides detailed user access reporting.

A Keycloak token is necessary for the authentication and registration process.


Using Mule ESB makes integration with external systems simple in the following cases:

  1. External identity provider
  2. External mailing provider
  3. External data source
  4. Data source synchronization

UMM allows the maximum scope of functionality to be implemented with the minimum installation time:

  • Business continuity during migration, uninterrupted business complexity
  • Intuitive operation directly affecting the period of user training
  • Short time of user training due to intuitive operation model

Technical Approach

Security architecture

API Security

Our solution is secured by the following standards: HTTPS and OAuth 2.0.

Access will be granted with an authorization token, and all unauthorized access will be rejected and registered in the platform monitor.

SSO Security

Single-Sign On is ensured by the Widget Server component over the HTTPS protocol. It will provide authentication against LDAP and provide its functionality for VAS applications.

Common Business Widget Server

The main role of Widget Server is to provide a set of reusable and customizable forms, which are able to interact with ESB provided services. Widget Server has been designed in accordance with SOA principles.

The back-end database stores configuration data, which makes the solution flexible and ready for changes in business requirements.

CMS Facade is the component that uses data from Crown Peak CMS to provide internationalized labels on the form. It delivers the properties set for each application code that is registered in the Widget Server database.

ESB Facade is the component used to mediate between the Widget Server and the Common Business API. The component communicates using the HTTPS protocol, and data is exchanged in JSON format.

Cache Service is used to reduce data preparation time and communication with the Common Business API to the maximum extent.

The user agent leverages the AngularJS framework to render the form GUI. It is a complete solution for rapid front-end development which allows users to personalize forms to meet the needs of the organization.


Common Business API (ESB) is a set of routines, protocols and tools. The ESB is used to specify how components should interact with each other. This makes managing and adding new components to the solution much easier and reduces the chance of integration problems.

JSON/REST API – services provided by the ESB are accessible via the REST protocol and expose interfaces based on a unified, canonical data model. This allows message logging for audit purposes, user authentication via a token from Keycloak, validation by JSON and transformation of the JSON message to a Java object. Business logic is invoked with a Mule VM request-response message.

BUSINESS LOGIC subcomponent provides the main business logic for specific APIs, which implement such functions as data transformation according to provided mappings, message validation between particular steps, response interpretation and API response preparation.

MAPPING REPOSITORY will be implemented as a set of Java classes. Each service provided by the ESB will have a prepared set of classes. Mapping will be used with business logic for transformation of canonical objects, and with adapters for transformation to external data models.

VALIDATION MODULE will be used to validate incoming messages by validation against a JSON schema and execution of business rules maintained in Drools.

RULES REPOSITORY will store validation rules and allow for rapid access and execution of various business rules. Rule repository management will be provided by the Eclipse-based tool Drools Guvnor.

CACHE MANAGER will provide access to an in-memory cache for JSON schemas, technical configuration parameters and response messages for APIs with a low propensity to change.

MONITORING PLATFORM ADAPTER will provide an interface for event publication. Every event will contain source, type, time of occurrence and additional data.

ADAPTERS will provide functions of external systems for services implemented in the Business Logic layer, such as: e-mail adapter, LDAP adapter, UM DB adapter, CMS adapter, AM adapter.


Keycloak is an open source identity and access manager aimed at modern applications and services. The solution uses Single-Sign On and Single-Sign Out components, which makes using your set of applications a lot easier. It works with LDAP or Active Directory servers and provides easy access to log in with social networks.

Keycloak provides account administrators with an Admin Console that allows them to centrally manage all aspects of the server, such as enabling and disabling various features and managing applications, services and users, including permissions and sessions.

Users can manage their own accounts from the Account Management Console. They can update their accounts, change passwords and view the history for the account.


Drools Guvnor is a Business Logic Integration Platform. It is a central repository tool to aid in the management of large numbers of rules. Using this solution helps to manage and maintain all business rules required by your set of systems connected with UMM.


Amazon Web Services, as one of the best web-service solution providers, guarantees UMM security.


AWS has services that can be implemented as a defense plan. UMM has implemented Route 53, which can help with an automatic response to minimize the time to mitigate and reduce the impact of an attack.


AWS provides services that increase privacy and control network access. UMM is implemented with Amazon VPC, which has built-in network firewalls and allows private networks to be created. All services are encrypted with TLS.


AWS offers an additional layer of security for data in the cloud. Amazon Web Services Relational Database Service is a solution that keeps your data safe and encrypted.


AWS provides tools to keep you updated on your environment. UMM uses the AWS CloudWatch service, which alerts about issues that can impact your business. CloudWatch helps to decrease risks and increase security.

Relational Database Services

Cloud-based relational database, easy to set up, operate and scale.

Elastic Compute Cloud

Web service that provides secure, resizable compute capacity in the cloud.

Virtual Private Cloud

VPC allows a section of AWS to be isolated so that resources can be launched in a virtual network with complete control.


Monitoring service for collecting and monitoring log files, tracking metrics, setting alarms and responding to changes in resources. CloudWatch monitors EC2 and AWS RDS.

Route 53

Route 53 is a highly available and scalable cloud Domain Name System.


Web service that makes it easy to deploy, operate and scale an in-memory data store or cache.


Mule is a lightweight Java-based enterprise service bus (ESB). Functionalities provided by this solution make integration of existing systems and data exchange easy and effective. Mule allows applications to communicate with each other by acting as a transit system.