A safer, more open, and more inclusive Sandefjord

Sondre Andersen, IT manager and acting head of digitalization in the municipality, says that the municipality had a traditional intranet when he started the job. An intranet with general information, which many did not know how to access or even that it existed.

– Now we have developed and launched a workspace that all employees have access to with a single login, where you have access to all the applications you need for your job from one screen. In addition, you are presented with customized information and access to all professional systems relevant to you as an employee and user. This is unique in the municipal context, he says.

Old and new in the same place

The use of software in the public sector is changing. Many use applications developed for another time, while newer applications are often in the so-called cloud. Kai Thorsrud, partner and system architect at the IT consulting company Sicra, says the challenge is to gather these different applications in a portal with access via a single login.

– Applications that are scattered everywhere make it complicated with a common authentication method. What we have done is to assemble already available solutions. Even those developed in another time with different mechanisms and requirements for security and availability. While previously there were a number of passwords for different applications, the municipality's employees now have access to everything in one place. Passwords on yellow notes are non-existent, he says.

Two-factor authenticated

The employees in Sandefjord municipality are now two-factor authenticated. Sondre Andersen explains that this practically means using so-called "conditional access" where rules are defined for when, how, and how often users should use the authorization.

– It is very important that security solutions do not negatively affect the good user experience. That employees are two-factor authenticated means higher security as the endpoint is qualified to be a machine. This means that all applications can be used on new user interfaces such as tablets, PCs, and smartphones regardless of when and where. Important applications can be used where the work is actually carried out, he says.

Microsoft Teams – no longer email

The new workspace for Sandefjord municipality is based on Microsoft Teams, which is the teamwork hub in Office 365.

– I almost dare to say that using Microsoft Teams as a landing page is controversial. By combining Teams with Valo and SharePoint, we have achieved a secure and perfect solution for collaboration and relevant information sharing. The solution significantly simplifies the everyday life of the municipality's employees and students. It is both a revolution and evolution. We see a marked decrease in the use of email in the municipality in general, while here in the IT department we have completely eliminated it, says Sondre Andersen.

Hybrid solution

Since the new workspace is for all students and employees in the municipality, it is extremely important that security is maintained so that sensitive information is not compromised. Kai Thorsrud says that by using Citrix FAS (Federal Authentication Service) integrated with CA (Active Directory Certificate Authority), users in the municipality can be seamlessly authenticated in a Citrix environment.

– Sandefjord municipality now has a hybrid solution. We have modernized existing technology without compromising security and availability. On the contrary, he says.

Everything available regardless of location

All applications can now be authorized via AzureAD. Citrix ADC performs AzureAD authentication of the user and then runs a login to the service behind it via traditional Windows authentication mechanisms.

– The advantage is that we can do SSO (Single Sign-On) for users who, for example, are on an iPad or smartphone. AzureAD also provides us with tools to authenticate access based on what kind of machine the user is using, what the security status of it is, and where the user is located. In the end, it is about making all information available in a secure way regardless of where the user is, concludes Sondre Andersen.

Technical facts about the solution

The purpose of the solution and project for Sandefjord municipality is to provide users with a simple portal, or workspace, where employees have access to all necessary and critical applications for a more efficient, secure, and user-friendly workday. Unique to the project is also that the municipality's employees receive customized and relevant information depending on their position and needs. By using Citrix Storefront, startup icons and links to applications published in Storefront can be published in one place – in this case, Microsoft Teams.

All applications can authenticate, or authorize, users via AzureAD. With Citrix ADC, AzureAD authentication of the various users is performed and then a single login to the service behind it is run via traditional Windows authentication mechanisms. This means that Windows SSO can be done for users who, for example, are on an iPad or smartphone. AzureAD also has tools to authenticate access based on what kind of machine the user is using, what the security status of it is, and where the user is located.

Identity

Azure AD delivers authentication with MFA for all applications such as Office 365 and other SaaS applications, On-Premise web applications, as well as Windows applications delivered via Citrix XenApp. Client devices enrolled in Intune provide further granular authorization via "Conditional Access."