Momentus Inc.
Startup company with about 50 employees, located in Santa Clara, USA. The company provides transportation services for satellites in space.
User
Startup company with about 50 employees, located in Santa Clara, USA. The company provides transportation services for satellites in space.
Requirements
- Identity management system for employee account management
- Connection of local Windows and macOS computers to UCS
- Connection of other services (file server, build system, Google cloud services
Solution
Setup of UCS as a central identity management system with the connection of Google Cloud services via the UCS G Suite Connector and instruction of Momentus’ employees.
Challenge: Central account management and easy adding of new users
Right from the start it was important to the young company Momentus to proceed systematically with regard to IT, instead of building up structures piece by piece and running the risk of having to retrofit missing systems and tools later at great expense. An on-premises identity management system should enable central, web-based control of all users and services. This had to take into account the company’s internal needs as well as the rules of the U.S. Department of Defense.
Setting up UCS as an identity management system
With the installation of UCS, the approximately 90 client computers (including Windows and Mac laptops as well as desktop computers) and mobile end devices could be linked to a central IdM. The UCS role concept defines authorizations within the domain. Users can access the user and group administration in the LDAP directory service via a special role, but cannot obtain any other administrative rights. UCS also offers templates that make creating new accounts child’s play: The name, mail address and access rights of the new account are automatically generated using predefined rules based on the user’s name and role.
UCS also scores points with the audit-proof LDAP logging (with cryptographic protection). The Univention Directory Logger records all changes in the LDAP directory service and thus enables all modifications to be tracked. Data records are provided with hash values. Thus, any manipulations to the log files can be detected immediately. This feature ensures that UCS meets the requirements of the U.S. Department of Defense, which is extremely important for Momentus.
Via the G Suite Connector from the Univention App Center, it was possible to ensure that all users have access to Google’s cloud services. The G Suite Connector provides users in the UCS environment with convenient single sign-on access to Gmail, Google Docs, Drive, and Calendar in the Google cloud. Besides, it synchronizes information with the clients and G Suite every time a user is created or changed.
Conclusion
Since no complex modifications had to be made to existing IT structures, the new environment was set up and implemented within a very short time. The result: as the IT department no longer has to deal with mundane tasks and has outsourced user/group administration, the employees save a lot of time and are more satisfied overall. With the centralized identity management, Momentus can now focus on its mission of providing space transportation for satellite operators at an affordable price.