DDIL and air-gapped network environments are common, and sometimes required, in Department of Defense (DOD) environments. Units may deliberately choose to operate in DDIL environments, but equipment failures, outages, or hostile action can force them to operate in these environments.

When operating in a DDIL environment, DOD units must retain access to critical systems to ensure mission success. This includes having a flexible and resilient Identity, Credentialing and Access Management (ICAM) solution that enables agencies to maintain uninterrupted application access during outages.

Path redundancy is critical to extending the enterprise services as close to the tactical edge as possible. This can include satellite, 5G, local internet providers, and government-owned network paths. Path redundancy can reduce the number of disconnected scenarios, provide a better user experience, and significantly increase the operational visibility and cybersecurity protections.

Ensuring Identity Continuity

Oxford Computer Group, Strata Identity, and Saviynt have created an ICAM solution for DDIL environments that integrates with Microsoft Entra ID. It is a robust and versatile solution designed specifically to ensure the uninterrupted availability of Authentication and Single-Sign-On (SSO) capabilities for organizations operating under challenging conditions. This includes environments characterized by disconnections, intentional denials, intermittent connectivity, and/or limited bandwidth.

The solution addresses the complexities and limitations faced by agencies that need to operate efficiently despite these constraints. By focusing on this multifaceted approach, we provide a seamless and reliable authentication experience that upholds security standards and user convenience – even when the network conditions are less than ideal.

The solution includes components from Microsoft Entra ID, Microsoft Sentinel, Microsoft Copilot for Security, Strata Identity, Saviynt, and Keycloak, with Microsoft Entra ID as the primary identity source. Identities are provisioned to Saviynt EIGA.

Saviynt EIGA provides identity services and provisions users in Keycloak for authentication and SSO for apps and services at the edge. Saviynt EIGA and Strata Identity are co-located with Keycloak to provide identity management and governance in both connected and disconnected operations.

The solution provides a highly mobile, compact package that can be quickly deployed and utilized in a variety of tactical and edge environments.

Solution Benefits

• Uninterrupted Access and Operational Continuity: Ensures continuous authentication and SSO, even during outages or low-bandwidth conditions, minimizing downtime and keeping agencies operational and efficient.
• Enhanced Security and Resilience: Reduces the risk of unauthorized access and protects against vulnerabilities during system failures with a robust backup mechanism that maintains secure identity management.
• Adaptability Across Environments: Supports seamless access management in various conditions, including remote or disconnected environments, regardless of connectivity issues or geographical constraints.
• Improved User Experience and Compliance: Provides a seamless login experience while meeting regulatory requirements and internal security policies with consistent access controls and audit trails.
• Cost Efficiency: Reduces the negative impact of downtime by ensuring resilient identity management systems, decreasing the need for costly emergency interventions.