Added value

  • Enhanced, secure access to applications - thanks to ForgeRock’s OpenAM platform, which is more up to date and offers greater stability;
  • Save time thanks to RockKit – an automated deployment tool which is integrated with the platform;
  • A monitoring system which has been designed to be managed inhouse by the SPF teams, using their own tools;
  • Improved efficiency: No impact on users who can continue to work unhindered even during server reboot. This is due to a persistence layer, which was not available before.

The challenge

Successful migration towards the new IAM platform is subject to a number of factors:

  • Ensuring careful planning and budgetary considerations;
  • Maintaining compatibility with existing system/IT functionalities;
  • Successfully integrating new IT functionalities;
  • Guaranteeing uninterrupted operational service and stability (‘Uptime’) for approximately 23 000 employees as well as millions of citizens and other authorized users.

The project

In 2005, SPF Finances requested Paradigmo to develop an IAM solution for its employees, (also known as ‘internal users’). Over the years, the IAM services of SPF Finances have further developed and this has enabled successful integration of an increasing number of applications.

In 2010, a second project was initiated with the goal of expanding IAM services to include external users- also including citizens, as well as other authorized users such as accountants. The project was called FedIAM and its aim is to authenticate these external users and provide them with access to the applications of SPF Finances (the most well-known of these include Tax-on-Web and MyMinFin). Paradigmo successfully delivered on this project, by using the Oracle platform OpenSSO.

In 2017, SPF Finances once again relied on Paradigmo to completely overhaul the IAM platform and migrate towards ForgeRock’s OpenAM solution. This is a fixed-price project within the framework of a contract with SPF BOSA (SPF Beleid & Ondersteuning - Stratégie et Appui).

The solution

This platform migration has been executed by Paradigmo during 2017 and 2018. SPF Finances successfully migrated to ForgeRock’s OpenAM platform running on a Linux environment – which is more modern, has increased stability and enhanced security. As a result, it has now improved from grade B to grade A.

Thanks to RockKit (which is the automated deployment tool), the implementation of the new platform has been done even faster. The RockKit methodology makes it possible to respond very quickly to all migration requirements.

As well as the migration itself, two new applications have also been added :

  • A tool which provides a simulation of any access request from any user;
  • The second application enables the helpdesk to directly check a user’s rights and permissions without having to login, and to suggest that the user request the correct access role.

The migration has been successfully achieved on time and on budget. This is thanks in large part to Paradigmo’s efficient working methods and the provision of additional resources when required.

Technical sheet

  • ForgeRock’s OpenAM platform (which also integrates the RockKit methodology);
  • The Federal Authentification Service;
  • The Policy manager;
  • The Mandate Database.

ForgeRock’s OpenAM platform especially supports the following applications:

  • Applications used by the Customs and Excise department (for example the management of excise duty on tobacco)
  • BIZTAX (= taxes on businesses)
  • The DMAT treasury application (management of ‘titres dématérialisés’)
  • MyMinFin and Finpro (declaration of ‘précompte professionnel’)
  • An application which monitors the cash registers used in the catering industry
  • MyRent (for rental leases)
  • Intervat (concerning the management of VAT statements);
  • Tax-on-web;
  • URBAIN (for specific documentation required by notaries, surveyors and other experts in this field). More details are available on the internet
  • Webform which entails a series of forms, such as SECAL.


Buro & Design Center – Suite 511b
Esplanade 1 – box 91
B-1020 Brussels
T: +32 2 427 55 02
Axis Parc
Rue Fond Cattelain, 2
B-1435 Mont-Saint-Guibert