Backend work
Back to gallery

SSO and service catalog for contractors

The project connected two things users needed together: unified login for corporate services and a catalog that made service access, rules, and contractor next steps visible.

Service catalog screen with SSO access and contractor account cards.
Role
Developer and technical consultant in the project team
Timeline
2 months for SSO MVP, 3 weeks for service catalog
Stack
Keycloak, Active Directory, PHP/Symfony, Vue.js
Focus
Unified login, contractor onboarding, service access
SSO MVP in 2 months, service catalog in 3 weeks, Keycloak as Identity Provider, Active Directory as the identity source, SSO for the first corporate service, and the first custom contractor account on PHP/Symfony and Vue.js.
01

Access fragmentation

Employees and contractors worked across disconnected services: separate links, logins, passwords, and instructions. A lost password quickly became a support ticket, and onboarding external users still depended on manual coordination.

02

First release boundary

The first release could not cover every access scenario. It needed one entry point, integration with the existing identity infrastructure, and a contractor path that could grow after the first services were connected.

03

Keycloak setup

Keycloak became the Identity Provider, while Active Directory remained the identity source for the first stage. This avoided a custom authorization layer and kept the existing user base intact.

04

Service catalog

The first service catalog was released in three weeks while the SSO part was being finalized. It solved a practical question for users: where to find a service, what access rules apply, and what to do next.

05-07

Approach

05

Contractor account

Boxed platforms were too heavy for the first scope. The contractor account used PHP/Symfony and Vue.js so the team could avoid platform overhead and keep the interface close to the real onboarding process.

06

MVP release

In two months, the team set up development infrastructure, agreed the SSO structure, configured Keycloak, connected Active Directory identification, and enabled SSO for the first corporate service.

07

Operational change

After launch, the contractor path became easier to explain, fewer password questions went to support, and the service catalog removed part of the daily navigation friction.

08

Further work

The contractor account could continue from the MVP using real usage data: which services people needed most, where they hesitated, and which permissions were actually requested.

Working through something similar?

Discuss a similar task
PIM catalog for online sales The 3-month launch covered a Pimcore catalog for 100k+ SKUs, import and export flows, bulk edits, approval steps, barcode-based image matching, and product variant grouping. Open case Marketplace product-card editing 72 product cards went through the experiment. After four months, the draft-and-editor process reached a comparable search effect: optimized cards gained 351 positions on average, production time fell by 55%, and budget fell by 32.5%. Open case