Incomplete or outdated access management processes are not only a significant burden for IT and an unnecessary expense but also prevent compliance with modern security and regulatory policies.
A leader in the oil & gas space in Oman has 8,000 employees and 45,000 contractors. All of those users needed access to company applications, and a technical solution was required to handle authentication at such a large scale.
There was no automation of the ‘joiner, mover, leaver’ policies, user permission levels, or approval requests. The processes were mostly carried out manually and sometimes required paperwork, which was inefficient, generated high operating costs, and increased the risk of unauthorized access.
The organization needed an identity and access management solution to provision the accounts with access to required systems and resources. The aim of the project was to accomplish the following objectives:
In partnership with Microsoft Oman, we deployed a solution that automated identity lifecycle management for internal and external users. This included access provisioning (creating AD accounts and mailboxes and adding users to groups) and deprovisioning (disabling AD accounts and mailboxes).
We drafted guidelines for access to data sources with different levels of sensitivity. We also provisioned self-service accounts using Microsoft Identity Manager (MIM) for resetting passwords, which reduced helpdesk call volume. The system was also integrated with SMS as one of the authentication steps.
To strengthen information security and reduce the risk of data breaches, we developed separate usage scenarios for employees and external contractors. Finally, we established a system of record as a central source of information about employees in the organization.
The MIM-based solution enabled our client to reduce manual work in favor of automation, which translated into reduced costs, greater accuracy, and increased efficiencies in IT operations.
It also provided robust capabilities to meet their long-term needs as the organization’s enterprise identity and access management strategy evolves.
The new system provisions all types of users, including employees and contractors, with the right access entitlements, based on their profile information and their role in the organization.
The solution also enforces compliance with corporate security and regulatory policies and increases protection against identity breaches.