Who is Intescia?
Intescia is a holding company of several subsidiaries. Their purpose is to help B2B customers maximize their business opportunities by providing them the right type of information at the right time.
The Group is present in 4 countries: France, Spain, Tunisia and Mauritius. It has also reached € 28 million in turnover, with 12,000 customers and 420 employees.
What was the challenge of Intescia ?
Intescia is using Qlik as a BI reporting tool to allow their customers to analyze their data. However, they are considering alternative scenarios to reduce licensing costs while also improving their customer experience and performance. Intescia came to the experts of Lucy in the Cloud to propose a new approach to attain the desired results.
Our solution: a Cloud-based visualization tool powered by AWS
Our proposal put forward the idea to use QuickSight. after much consideration we were sure that this tool would meet Intescia’s requirements. On top of that, a robust authentication mechanism had to be foreseen to:
- Authenticate end users through a standard web solution like AWS Cognito;
- Automate the user’s sign-up between Cognito and Quicksight;
- Embed final dashboards into a Web page for authenticated users only;
- Use customized URL’s for Cognito (auth.business-insight.io) and Quicksight (dashboard.business-insight.io);
- Secure the solution with ACM – AWS Certificate Manager (SSL/TLS Certificate);
- Ease the deployment through a CloudFormation template;
- Build the cheapest technological solution. This meant we decided to use serverless tools like Lambda and API Gateway.
Our solution used the following components:
👉 The Amazon Cognito hosted UI provided by the app integration domain (dashboard.business-insight.io) performs all sign-in, verification, and authentication logic for the web app. This allows only to authenticate users. The users are only registered by the Cognito administrators.
👉 After a user is authenticated with a valid username and password, an OpenID Connect token (ID token) is sent to Amazon IAM Federated Identities. The token retrieves temporary AWS credentials based on an IAM role with “quickSight:RegisterUser/CreateUser” permissions.
👉 The ID token, along with the encoded URL, is sent to API Gateway to authorize the API call.
👉 The URL is passed on to a Lambda function that calls the Quicksight API to access the published dashboards and embed them into the Web page provided by the Lambda Function.
The results for Intescia
Intescia’s primary goal, which was to reduce its visualization tool costs, has been achieved with success, by reducing the costs by 40%.
The use of QuickSight also provided the following advantages:
- Customers can get blazing fast responses when the data is retrieved to build dashboards, they can easily publish dashboards and easily control features available in those dashboards and they can take advantage of automated and customizable data insights that are powered by machine learning
- Ability to federate users, groups, and single sign-on with IAM Federation (Open ID connect) through Amazon Cognito for authentications
- In terms of security, Intescia can grant granular permissions to the data, and encrypt data at rest and in transit
- Ability to embed interactive dashboards quickly and efficiently into a customized web page (provided by an HTML page embedded into a Lambda Function)