How JOSHMARTIN released a multi-tenancy service for tracing Covid-19 cases in one month with ZITADEL
JOSHMARTIN developed a service for health departments to make tracing of cases , such as SARS-Cov-2 spread, more efficient. ZITADEL was used for secure authentication of users and enabling customers to self-manage their data, settings, and access.
Key outcomes
- Release of Hygeia within one month with very few resources
- Compliance with strict data governance
- Hosted login and self-service access management for customers provided by ZITADEL
Challenge
JOSHMARTIN built Hygeia right in the middle of the SARS-CoV-2 pandemic to support efficient contact tracing. The departments for health required a solution for collection and processing of personal data for contact tracing during the pandemic. Data should be accessible only to authorized personnel from the responsible department and should remain in Switzerland at all times. Due to the rapid spread of the pandemic, time-to-market and efficient development was crucial.
Solution
Some developers of JOSHMARTIN have tried out ZITADEL already before the development of Hygeia and are also familiar with other solutions such as Auth0 that have been used for other projects. Eventually it was decided to go with ZITADEL because of the fast and competent support, as well as data is stored and processed in Switzerland exclusively.
Multiple segregated health departments, each managing their own users, are using Hygeia. For each health department a separate organization was set up and JOSHMARTIN granted the project Hygeia to customers’ organizations. With this setup each department can self-manage their users and access to the application on their own. As this is already built into ZITADEL, minimal development was required for this authorization.
The rigid guidelines on information security required to strictly manage access to the application. This meant on the one hand to provide secure authentication with 2FA and on the other hand fast synchronization of user information and their access rights.
JOSHMARTIN used ZITADEL’s default login flow and allowed customers to manage their own settings regarding the login page and authentication methods. A service account is used to lifecycle users periodically even after the initial provisioning to the application. Highest accuracy was achieved by validating not only the session at the introspect endpoint with each call, but also request user information and roles from the user-endpoint without application-side caching.
The project was implemented when ZITADEL was still in a closed beta version. The teams worked closely together to ensure security, optimal integration, and performance of the systems.
Result
JOSHMARTIN went live with the first version of Hygeia only one month after project initiation, with only 2 developers and 1 project manager. ZITADEL provides a secure login, user management, and self-service authorization for the multi-tenancy service.
Future Plans
Hygeia is currently being used by three cantonal health departments. JOSHMARTIN is working towards a greater adoption of Hygeia in other cantons, also through expanding capability to trace not only SARS-CoV-2 cases.
Testimonials
“What I like is that I can reach out to someone and receive fast and competent feedback on the request. The team really cares about it.” - Jonatan Männchen
About the solution
Hygeia is an application for collecting and processing personal and case data in connection with pandemic diseases. To learn more about the solution and further links at joshmartin.ch/en/projects/kanton-st-gallen-contact-tracing/
Code BEAM V Europe 21 featured a talk about the development of the solution on YouTube.
Hygeia is cross-licensed under the Business Source License and the Apache License and is available on https://github.com/jshmrtn/hygeia.
About Joshmartin
Joshmartin GmbH
Neugasse 51
9000 St. Gallen
https://joshmartin.ch
- Specialize in business automation on the web platform
- Focus on finance, insurance and medical sectors in Switzerland
- Team Size: 7