Added value

  • Simple and secure access to applications in NGA HR’s cloud;
  • A tailored standard solution, with the regular user experience of NGA HR;
  • A partner, specialised in IAM, that provided complementary work and support to the team at NGA HR.

The context

NGA Human Resources designs, implements, maintains and uses HR solutions for businesses, and provides HR services.

NGA HR develops its own cloud solution, which hosts two major applications: Payroll Exchange (PEX) and MyHRW. MyHRW is a ticketing system that receives clients’ questions. Payroll Exchange gathers the information from the administration of the different providers’ salaries and offers this information in a practical app to the clients of NGA HR.

NGA HR added SAP SuccessFactors to its cloud, as well as other cloud applications such as Workday. NGA HR’s long-term goal is to offer all its applications in its own cloud.

As employee information is sensitive data, security is crucial. NGA HR also wanted to ensure that its clients could identify themselves very simply.

The project and Paradigmo

An Identity & Access Management solution was necessary. NGA HR made a comparative study of various providers of Identity & Access Management solutions. ForgeRock is a flexible and adaptable source, but it can also be easily extended. It has several modules and, unlike other applications, ForgeRock offers a full spectrum of Identity & Access Management. The software has a low digital footprint and can simultaneously process many users. Moreover, the ForgeRock company has excellent references. So the choice was quickly made.

NGA HR then went looking for the best partner for the implementation. Paradigmo, a specialist in Identity & Access Management and Governance, impressed NGA HR with its in-depth knowledge of ForgeRock, and its references and experienced consultants. Paradigmo had staff with the knowledge required to tailor ForgeRock.

Paradigmo and NGA HR assessed what was the best way to meet the needs of NGA HR. They chose the optimal configuration and extra developments, notably diverse tailored modifications. For instance the user interface was adapted to NGA’s branding in order to create the best user experience, and small plug-ins were implemented in various locations to satisfy all wishes. Paradigmo also developed a tool to automate the software lifecycle’s management. Upon release, patches and new versions are tested in the development environment; after approval, they are put into production with minimal human intervention and using Paradigmo scripts.

The result

A user can now connect once to the NGA HR cloud and immediately access all the applications. After the addition of new applications, the client’s IT department does not have to establish a new connection, because the user automatically has access to it via the existing login. It’s simple and clear, which is important for a services provider.

Security lies at the heart of ForgeRock’s line of business, which increases the security of NGA HR. This also means that ForgeRock enables new ways for people to get connected, for example mobile users. As the login is centralised, there is just one kind of system management and a single log file. So it is very easy to see which user is connected at any time.

NGA HR’s application team grants rights to users for the different applications. For audit purposes, this team is completely separate from the project team.

Added value

  • For clients, unified control of the access to new cloud applications;
  • For clients, single sign-on;
  • For employees, after mergers and acquisitions: provide a single consolidated account using multiple Active Directory domains;
  • For employees, single sign-on, including Office365.

Technical sheet

  • Full spectrum of ForgeRock: OpenAM, OpenIG, OpenDJ, OpenIDM;
  • ForgeRock OpenAM used as SAML Proxy IDP as the front-end of NGA HR’s IDP (among other uses);
  • Consolidation of the Active Directory domains via ForgeRock OpenDJ and OpenIDM;
  • Protection of the legacy applications via ForgeRock OpenIG.


Buro & Design Center – Suite 511b
Esplanade 1 – box 91
B-1020 Brussels
T: +32 2 427 55 02
Axis Parc
Rue Fond Cattelain, 2
B-1435 Mont-Saint-Guibert