With over 14,000 active employees and nearly 15,000 user accounts at any given time, Identity and Access Management was a major challenge. Add in the fact that over 200 applications are used on a daily basis, from point of sales, to financials and human resource information systems, you’ve got yourself a seemingly impossible task to manage identities securely and efficiently.
Arisant is a specialized Oracle Platinum partner that can provide you both expert IT services as well as the expertise to manage your IT budget and craft a vision for the future. Contact us to find out how our team can help your organization through its IT journey.
The client in this case study specializes in RVs, supplies for camping, and outdoor gear. Since its founding, the company has grown to operate retail/service locations in almost all 50 states.
With over 14,000 active employees and nearly 15,000 user accounts (including elevated and privileged accounts) at any given time, Identity and Access Management was a major challenge. Add in the fact that over 200 applications are used on a daily basis, from point of sales, to financials and human resource information systems, you’ve got yourself a seemingly impossible task to manage identities securely and efficiently.
They could no longer rely on manual systems for identity and access management. They needed a cost effective, secure and comprehensive solution to help with provisioning and account management. The challenge was managing user accounts in a rapidly changing business environment where roles and responsibilities continuously change. New hires and termination / leave status was particularly important as they needed to quickly and efficiently update provisioned and deprovisioned account access. As we all know time is money so it was important to reduce the time in provisioning access for newly on boarded employees. Implementing near real time provisioning means that there is no wasted time waiting for downstream system access which allows the new employees to begin their job immediately without waiting for access.
To choose the best Identity and Access Management solution, they turned to Arisant, a trusted strategic partner that had worked with the company before, to plan and implement a multi-faceted solution utilizing ForgeRock.
Automated Access Entitlement
The first step in creating a comprehensive Access Management Solution was to help eliminate manual user provisioning. At a company this large, new users are always being created as new staff is hired and roles are constantly changing. In the past, access to the company’s 200+ applications was handled manually, a time consuming, insecure and error prone method. Users would frequently have more access than needed for current roles as permissions were added, but not regularly reviewed/revoked.
The new system utilizes HR mapped job codes to assign user access automatically. As new users are added or existing users change roles, application access changes according to the corresponding job code mapping of entitlements. Additionally, if an employee is terminated, access is revoked immediately and downstream systems accounts are disabled.
Custom UI for Access Requests and Password Reset
Managing password resets and account claiming on an enterprise scale can be a daunting task. By leveraging ForgeRock’s framework and combining it with a custom-built user interface, Arisant created and implemented an automated password recovery and account claiming portal. This portal has helped IT administrators overwhelmed by a flood of requests to accelerate user access and reduce time spent on simple requests.
Since implementing ForgeRock identity and access management, the organization has seen significant time and resource savings from IT staff that was once managing user access and provisioning. Provisioning new users, a process that once took days, if not weeks, is now accomplished in near-real time. New users are no longer waiting for access to the applications needed to complete their jobs and onboarding is more efficient than it’s ever been.
Another way they have seen increased efficiency is through the elimination of manual account claiming and password resets. As you can imagine, 14,000 users can create a large number of requests. By creating a portal for simple requests including self-service access, Arisant has helped reduce the amount of time IT administrators spend completing mundane tasks and can instead focus on more strategic tasks within the company.
Finally, the organization is far more secure than it was before the implementation of ForgeRock. A side effect of implementing Automated User Access is achieving a zero trust, least access policy throughout the company. Governance around these policies in the form of entitlement reviews ensures accurate enforcement of these access policies. This provides a managed and secured landscape, reducing the risk of malicious activity due to inappropriate user access.