Case study

Streamlining identity and access processes using MIM

With thousands of internal and external users needing to access your IT resources, proper access management protocols are crucial.
Company Size: 8,000+
Industry: Oil & Gas
Country: Oman
Technologies used: Microsoft Identity Manager, Windows Server

Incomplete or outdated access management processes are not only a significant burden for IT and an unnecessary expense but also prevent compliance with modern security and regulatory policies.

Challenge

A leader in the oil & gas space in Oman has 8,000 employees and 45,000 contractors. All of those users needed access to company applications, and a technical solution was required to handle authentication at such a large scale.

There was no automation of the ‘joiner, mover, leaver’ policies, user permission levels, or approval requests. The processes were mostly carried out manually and sometimes required paperwork, which was inefficient, generated high operating costs, and increased the risk of unauthorized access.

The organization needed an identity and access management solution to provision the accounts with access to required systems and resources. The aim of the project was to accomplish the following objectives:

  • Streamline identity and access processes by introducing a web-based interface and automating access provisioning and deprovisioning across multiple systems.
  • Lower administrative costs by reducing the current burden placed on IT through automation, self-service, and delegation of administration.
  • Enforce stricter security controls by providing robust authentication and authorization mechanisms to make sure that users can only perform the tasks for which they have been granted permission.
  • Increase regulatory compliance by proactively adhering to governmental and commercial regulations for identity and access management.

Solution

In partnership with Microsoft Oman, we deployed a solution that automated identity lifecycle management for internal and external users. This included access provisioning (creating AD accounts and mailboxes and adding users to groups) and deprovisioning (disabling AD accounts and mailboxes).

We drafted guidelines for access to data sources with different levels of sensitivity. We also provisioned self-service accounts using Microsoft Identity Manager (MIM) for resetting passwords, which reduced helpdesk call volume. The system was also integrated with SMS as one of the authentication steps.

To strengthen information security and reduce the risk of data breaches, we developed separate usage scenarios for employees and external contractors. Finally, we established a system of record as a central source of information about employees in the organization.

Results

The MIM-based solution enabled our client to reduce manual work in favor of automation, which translated into reduced costs, greater accuracy, and increased efficiencies in IT operations.

It also provided robust capabilities to meet their long-term needs, as the organization’s enterprise identity and access management strategy evolves.

The new system provisions all types of users, including employees and contractors, with the right access entitlements, based on their profile information and their role in the organization.

The solution also enforces compliance with corporate security and regulatory policies and increases protection against identity breaches.
