GHGSat Inc. monitors greenhouse gas emissions worldwide via satellite and processes highly sensitive customer data in the process. To reliably control access, permissions, and compliance requirements, the company relies on Nubus as its central Identity & Access Management solution.
User
GHGSat Inc. is a Canadian company headquartered in Montreal, Quebec, specializing in satellite-based remote sensing of greenhouse gases, air pollutants, and other trace gases. Using its own satellite constellation, GHGSat measures emissions directly at their source, providing companies in the oil, gas, and mining industries worldwide with the data they need for emissions monitoring.
In addition to its headquarters in Montreal, GHGSat operates four other locations in Ottawa, Houston, London, and Calgary. The company employs around 200 people, approximately 150 of whom work at the Montreal headquarters.
Requirements
- Replacement of an expensive, outdated, and decentralized in-house solution for web applications without PC integration
- Central administration of all devices and users
- Support for Linux and Windows endpoints within a shared infrastructure
- Single sign-on (SSO) via SAML for web applications
- Complete, audit-proof logging of all administrative activities
- Compliance with strict security requirements imposed by Canadian, U.S., and European authorities for aerospace companies
- Legally compliant protection of privileged system accounts
Solution
Nubus serves as the central Identity & Access Management solution for Windows and Linux clients, Linux servers, as well as single sign-on for web applications and the development environment. Nubus ensures that users authenticate once and can then access all connected systems and applications without separate passwords for each service.
Components used: Samba 4, manual Ubuntu integration, Keycloak, and the UCS Directory Logger for automatic logging of all changes to user accounts, groups, and permissions.
Initial Situation
The data delivered by GHGSat’s satellites is highly sensitive: it provides detailed information about industrial facilities, their operational status, and environmental compliance. As an aerospace company, GHGSat is therefore subject to strict security requirements imposed by Canadian, U.S., and European authorities—including the complete traceability of all administrative access.
The existing IT infrastructure could no longer meet these requirements. Multiple operating systems on servers, separate user management systems, and different authentication methods significantly complicated administration. The existing solution was costly, decentralized, and technically outdated.
Microsoft Active Directory and Zentyal were ruled out during the evaluation process. Nubus from Univention stood out as the only solution that natively integrates Linux clients and directly provides the required compliance logging through the Directory Logger.
Implementation
GHGSat introduced Nubus in February 2019—under unusual conditions: the company’s security requirements did not permit direct external access to the servers. A Professional Services engineer from Univention therefore supported the project exclusively on site and via email. The fact that the project still proceeded smoothly despite these restrictions demonstrates how practical UCS is even in regulated environments with enhanced access protection requirements.
The rollout itself was carried out in four phases. In the first phase, web-based corporate services were integrated with UCS. User accounts and groups were also standardized during this step. In the second phase, end-user operating systems were connected. This was followed by the integration of development environments and satellite communication systems. Finally, documentation and security certification were completed.
This is what our customer says.
Newsletter
Stay updated on all news about Univention and our IAM products via email.
Get started
Contact Our Team Directly.
