At the beginning of 2019, those responsible for IT at HaCon decided to commission Univention to set up a classic UCS domain with around 500 client computers. Univention Corporate Server handles identity management internally at HaCon and provides all employees with a groupware solution and other tools. A further, superordinate UCS server connects partner companies in Germany, France, and the USA and, among other things, provides single sign-on (SSO) via SAML for collaborative cloud solutions.
The goal of the project was to operate a secure and dynamic platform that would meet the current and future needs of software development and project management teams. A central and uniform administration for the heterogeneous IT landscape was requested. The existing solutions used both OpenLDAP and Active Directory, so two different directory services were in use and the duplicated data had to be kept synchronized. Univention Corporate Server was to perform the following tasks for HaCon:
- Administration of users, groups and computers (approx. 500 clients in a heterogeneous environment)
- Providing DNS and DHCP services
- Connection of the email and groupware solution Zimbra using a UCS connector
- Single sign-on with SAML authentication for internal and external services
- Expansion of the identity management and integration of further cloud services
- Print Server with CUPS
Further cloud services, which were also used by the partner companies, were to be connected via a separate UCS server. This required synchronizing the user and group objects with the other domains.
UCS as a Solution
To set up UCS as the central identity management system, the identities were first imported from the existing OpenLDAP and AD directory services. The AD-compatible Domain Controller app uses Samba and extends UCS with Active Directory functions. This enables the operation of an AD-compatible domain controller with UCS and provides a login service for Windows computers in the domain. The existing DHCP and DNS settings were also adopted for the UCS server.
Afterwards the groupware connection was implemented. HaCon relies on the Zimbra Collaboration Suite, an email and groupware solution that is mainly used via a web interface. The Zimbra Connector, available in the Univention App Center, synchronizes the user accounts of a UCS domain to Zimbra (in one direction). In this way, defined UCS users get access to the Zimbra Collaboration Suite, and their accounts are automatically updated and deleted. Users authenticate themselves with their UCS username and password and then have access to the groupware solution.
Finally, SAML authentication was set up for some services and collaboration applications such as Nextcloud and ownCloud.
Even after the successfully implemented measures, there is still some work to be done. The advantages of the uniform UCS-based solution can now be used to drive the expansion of cloud identity management, the CUPS-based print server and the further development of the SSO solution.
A large part of the new platform has been put into operation to HaCon’s complete satisfaction. The new solution with Univention Corporate Server reduces the total costs while simultaneously increasing the range of functions. The HaCon employees are not only satisfied with the user interface, but now have full control over their own data on their own servers.
“With Univention and UCS we found a partner and a basis for our plans” - Kai Fricke, Team Leader of the IT Administration at HaCon