Identity Continuity for Disconnected, Denied, Intermittent, Limited (DDIL) Environments

The joint solution provides adaptable single sign-on and security for DOD agencies in disconnected and low-bandwidth scenarios.

DDIL and air-gapped network environments are common, and sometimes required, in Department of Defense (DOD) environments. Units may deliberately choose to operate in DDIL environments, but equipment failures, outages, or hostile action can force them to operate in these environments. In either case, DOD units must retain access to critical systems to ensure mission success. This includes having a flexible and resilient Identity, Credentialing and Access Management (ICAM) solution that enables agencies to maintain uninterrupted application access during outage

Oxford Computer Group, Strata Identity, and Saviynt have created an ICAM solution for DDIL environments that integrates with Microsoft Entra ID. It is a robust and versatile solution designed specifically to ensure the uninterrupted availability of Authentication and Single-Sign-On (SSO) capabilities for organizations operating under challenging conditions. This includes environments characterized by disconnections, intentional denials, intermittent connectivity, and/or limited bandwidth. The solution addresses the complexities and limitations faced by agencies that need to operate efficiently despite these constraints.

By focusing on this multifaceted approach, we provide a seamless and reliable authentication experience that upholds security standards and user convenience – even when the network conditions are less than ideal.

The solution includes components from Microsoft Entra ID, Microsoft Sentinel, Microsoft Copilot for Security, Strata Identity, Saviynt, and Keycloak, with Microsoft Entra ID as the primary identity source. Identities are provisioned to Saviynt EIGA. Saviynt EIGA provides identity services and provisions users in Keycloak for authentication and SSO for apps and services at the edge. Saviynt EIGA and Strata Identity are co-located with Keycloak to provide identity management and governance in both connected and disconnected operations. The solution provides a highly mobile, compact package that can be quickly deployed and utilized in a variety of tactical and edge environments.

Solution Benefits

Uninterrupted Access and Operational Continuity: Ensures continuous authentication and SSO, even during outages or low-bandwidth conditions, minimizing downtime and keeping agencies operational and efficient.
Enhanced Security and Resilience: Reduces the risk of unauthorized access and protects against vulnerabilities during system failures with a robust backup mechanism that maintains secure identity management.
Adaptability Across Environments: Supports seamless access management in various conditions, including remote or disconnected environments, regardless of connectivity issues or geographical constraints.
Improved User Experience and Compliance: Provides a seamless login experience while meeting regulatory requirements and internal security policies with consistent access controls and audit trails.
Cost Efficiency: Reduces the negative impact of downtime by ensuring resilient identity management systems, decreasing the need for costly emergency interventions

To learn more about ensuring identity continuity for DDIL environments, contact Oxford Computer Group.

Further Resources

White Paper: Identity Continuity for DDIL Environments