Nassim Kobeissy

Bouygues Telecom is a major telecommunications operator, a subsidiary of the Bouygues group. The company has over 27 million customers and approximately 8,000 employees.

I joined the SI Transverse Architecture team to participate in the redesign and urbanization of IAM/CIAM/IGA solutions.

The mission's objective: regulatory compliance and optimization of customer digital journeys.

The team consisted of 50 functional architects with diverse skills.

My responsibilities:

- Redesign of password security (Argon2, ANSSI, CNIL)

- Implementation of the onboarding process for interns and contractors (Process, SAP HR, SuccessFactors, SailPoint, Azure AD)

- Implementation of the EUDIW POC (eIDAS 2.0)

- Redesign and urbanization of the SI around digital identity (keycloak, AD, Azure AD, OIDC, OAuth 2.0)

- Redesign of the B2B partner journey (Salesforce TABLEAU, forgerock, SAML2)

- Redesign of role mining and recertification processes (SailPoint)

- Scoping and functional design.

- Facilitation of workshops.

- Drafting of architecture documents.

- Cost estimation and negotiation with partners.

- Collaboration with business units, SI/enterprise architects, and development teams.

Technical context: Identity and Access Management (IAM), CIAM, Active Directory, Azure AD, IGA, OAuth 2.0, SAML2.0, SSO, OpenID Connect (OIDC), Microsoft Entra ID, Multi-Factor Authentication MFA, cybersecurity, GDPR, Role-Based Access Control (RBAC), Secure by Design, Zero Trust Architecture (ZTA), Authentication Systems, Identity Federation, eIDAS 2.0, EUDIW, Identity Governance, IT Audit, Argon2, ANSSI, CNIL, Encryption, keycloak, SailPoint

Bouygues Telecom is a major telecommunications operator, a subsidiary of the Bouygues group. The company has over 27 million customers and approximately 8,000 employees.

I joined the CIAM & API Management Development team to lead a team responsible for exposing and securing APIs related to identity and authentication.

The objective was to modernize the CIAM platform, strengthen communication security, and implement API Management best practices.

The team consisted of functional architects, back-end developers, and security experts, working transversally.

My responsibilities:

- Leadership of the CIAM API Management Development team. The Development team is responsible for exposing APIs, identity, and API security.

- Design, transverse architecture, process and customer data modeling.

- API, authentication, and authorization architecture.

- CIAM and API Management redesign (APIGEE, IBM DataPower, Forgerock).

- Study and deployment of API Management solutions.

- Best practices for API exposure and security.

- Project and product roadmap.

- Vendor relations.

Technical context: CIAM, OAuth 2.0, SSO Single Sign-On, OpenID Connect (OIDC), cybersecurity, Authentication Protocols, GDPR, Authentication Systems, Identity Governance, SAML2.0, APIGEE, IBM DataPower, Forgerock

I joined the "Transverse Studies and Master Plan" team within the "Service Platform" directorate to manage transverse projects and lead the master plan for CIAM and API Management solutions, aiming to modernize authentication platforms and service exposure.

The team consisted of about ten FTEs interacting with marketing, partners, enterprise architects, and development teams.

My responsibilities:

- Leadership of the redesign study for service exposure and authentication platforms (APIGEE, ForgeRock, PING Identity).

- Conducting an audit with a specialized company and coordinating with development teams.

- Drafting the specifications and managing the tender for CIAM and API Management solutions.

- Defining the master plan for exposure components and the Identity-Authentication platform.

- Defining the target architecture and urbanization rules for identity and API Management.

- Active technological watch on authentication standards and solutions.

- Contribution to the transverse architecture of several strategic business projects.

- Defining solutions around digital identity.

- Modeling customer identity and redesigning Bouygues Telecom's transverse identity.

- Interaction with marketing, partners, SI architects, enterprise architects, and development teams.

Technical context: CIAM, OAuth 2.0, SSO, OpenID Connect (OIDC), MFA, cybersecurity, Authentication Protocols, GDPR, Secure by Design, Zero Trust Architecture (ZTA), Authentication Systems, Identity Federation, Identity Governance, IT Audit, ANSSI, CNIL, Encryption, SAML2.0, APIGEE, IBM DataPower, Forgerock, token exchange, OpenAPI, swagger, SOAP, REST, plantuml, draw.io, Jira, confluence, mTLS, TLS 1.2, TLS 1.3