AWS Partnership: Migrating Nikon’s Customer IAM to AWS and Auth0

Nikon is a globally recognized leader in imaging and optical products, providing cutting-edge cameras, lenses, and professional imaging solutions. With a strong focus on innovation and customer experience, Nikon sought to modernize its Identity and Access Management (IAM) infrastructure to enhance security, scalability, and user experience.

The Challenge

Nikon’s legacy Customer IAM system was hosted on-premises and built using ForgeRock. This system presented multiple challenges, including:

  • Scalability limitations – The on-premises infrastructure was costly to scale and maintain, leading to performance bottlenecks.
  • Availability – The traditional server-based solution struggled to maintain availability and performance during peak traffic periods.
  • Operational safety and reliability – Limited snapshot-based backup options increased the risk of data loss during normal operations.
  • Security and compliance risks – The on-premises solution required Nikon to keep operating systems, tools, and applications patched to address security vulnerabilities.
  • User experience challenges – The existing system lacked modern OAuth2 capabilities, which made it more difficult to integrate with Nikon’s customer applications.
  • High operational overhead – Maintaining and upgrading the legacy IAM solution demanded significant IT resources.

To overcome these challenges, Nikon decided to migrate its Customer IAM to a cloud-based solution leveraging AWS and Auth0 for enhanced performance, security, and user experience.

TBSCG Solution: Cloud-based IAM Modernization

TBSCG executed a strategic migration plan to transition Nikon’s Customer IAM from ForgeRock to a scalable and secure cloud architecture using AWS and Auth0.

  1. Assessment & Planning:

    • Conducted a comprehensive analysis of Nikon’s existing ForgeRock-based IAM implementation.
    • Identified dependencies, integrations, and user authentication flows to ensure a smooth transition.
    • Developed a phased migration strategy to minimize downtime and disruption.
  2. Cloud Infrastructure Deployment:

    • AWS was selected as the hosting platform, providing a reliable and scalable foundation.
    • AWS Lambda and API Gateway enable a cost-effective, highly scalable serverless solution.
    • AWS SNS & SQS were selected to provide a decoupled, event-driven architecture for asynchronous operations, resulting in a future-proof, maintainable design.
    • AWS CloudFormation & SAM were selected to ensure high quality infrastructure as code, allowing safe and structured deployments on production and non-production environments.
    • Auth0 was integrated to manage user authentication and Single Sign-On (SSO) capabilities.
    • Auth0 was implemented for customer identity management, enabling modern authentication methods such as OTP login, social sign-ins, and MFA.
  3. Seamless Data Migration:

    • Migrated user identities and authentication data from ForgeRock to Auth0 with minimal impact on end-users.
    • Implemented AWS Lambda functions for advanced features such as customer-driven profile updates, and exposed those capabilities to other first-party Nikon applications.
    • Ensured encryption and secure transmission of credentials during migration.
  4. Security & Compliance Enhancements:

    • Configured AWS IAM and AWS CloudTrail for centralized security monitoring.
    • Enabled Multi-Factor Authentication (MFA) and advanced fraud detection mechanisms.
    • Implemented role-based access control (RBAC) to enforce security best practices.
    • Implemented policies for AWS resources that provide least privilege access.
  5. Testing & Optimization:

    • Conducted rigorous pre-production testing, including authentication flows, session management, and API integrations.
    • Monitored performance using Amazon CloudWatch and fine-tuned configurations to optimize response times.
    • Provided training and documentation for Nikon’s IT team, as well as business users on managing the new IAM environment.
  6. Go-Live & Ongoing Support:

    • Executed a seamless cutover strategy to transition customers to the new IAM system with minimal downtime.
    • Provided post-migration support and continuous monitoring to ensure system stability and security.

Business Impact & Benefits

  • Enhanced Security – Strengthened IAM security with Auth0 and AWS serverless services, ensuring compliance with industry standards.
  • Scalability & Performance – The cloud-based architecture enables Nikon to handle growing authentication workloads without performance degradation.
  • Improved User Experience – Faster, seamless authentication flows and support for modern login methods enhance customer satisfaction.
  • Reduced IT Overhead – Offloading IAM management to Auth0 allows Nikon’s IT team to focus on innovation rather than infrastructure maintenance.
  • Future-Ready Architecture – The modular cloud-based solution supports future enhancements, such as easy integrations with all OIDC and SAML2 applications, as well as advanced IAM features such as AI assisted bot protection or OTP and Passkey authentication.

AWS & Cloud Services Used

  • AWS API Gateway – REST API for customer account related services.
  • AWS Lambda – Cost-effective compute for both synchronous and asynchronous functions related to customer IAM.
  • AWS SNS & SQS – Decoupled architecture for services that can run asynchronously, as well as notification messages for critical error states.
  • AWS CloudFormation & SAM – Allows infrastructure as code to be stored in git and deployed from it.
  • AWS CodePipeline – Automates code deployments from git repositories, eliminating the need for individual developers to deploy from their own environments.
  • AWS CloudWatch – Real-time monitoring of IAM system performance.
  • AWS IAM – Granular access control and security management.
  • AWS CloudTrail – Audit logging for compliance and security monitoring.
  • Auth0 – Cloud-based identity management solution for seamless authentication and authorization.

Conclusion

By partnering with TBSCG, Nikon successfully transitioned from an on-premises IAM solution to a cloud-based, modern authentication platform. This migration has provided Nikon with a highly secure, scalable, and user-friendly IAM system, enabling a better experience for customers while reducing operational complexity.