Danish life science company with a particular focus on treating and combating chronic diseases. Internationally represented with clinical trials in more than 50 countries, 43,000+ employees in 80 locations around the world and marketing of products in 170 countries.


In connection with the optimization of especially R&D’s use of the business-critical AWS services such as AWS Glue, Redshift and SageMaker for data analysis and ML, as well as a need for better exchange of data between Microsoft Azure Active Directory and AWS, seamless integration and access across be established.

The customer wanted to be able to GxP validate the system as a prerequisite for license-to-operate within life science. This required the implementation of a solution that enabled single sign-on across the different platforms and systems with clearly defined user profiles (UIDs) for roles, permissions and access.


The two supporting elements in the solution are respectively AWS Cognito and AWS IAM (Identity and Access Management), so that AWS IAM handles roles and authorization generated from data in AWS DynamoDb via an MS Active Directory integration or data entered directly in a special graphical user interface (GUI) developed by KeyCore . Cognito provides authentication, but only as a direct mirror of MS Active Directory.

Furthermore, together with the customer’s own QA resources, KeyCore has ensured that the solution is qualified in the customer’s own QMS.


The implementation of KeyCore’s solution means that the company has been able to GxP-qualify the entire solution and thus also use the extremely critical data sets, which can only be processed in systems and solutions that are qualified on the basis of all individual components – including single sign-on – at the same time as , that employees can move seamlessly between the two platforms Microsoft Azure Active Directory and AWS.

Thus, users are recognized across the platforms and bring their user profiles with associated roles, permissions and access. The seamless integration also means that changes in the user profile of an MS enterprise account are reflected automatically and immediately in the UID for logging in to AWS and access to the business-critical services.

Scroll to Top