Automated Identity Management within a Global Enterprise
Bringing an identity roles explosion back under control
A global enterprise with over 30,000 staff was facing a challenge to efficiently manage the identity and access controls of each colleague across multiple systems.
The organisation employs a complex workforce with over 30,000 identities that need to be managed. The majority are permanent employees, but a significant minority are external parties that also require access to the various systems: contractors, freelancers, agency staff and partner organisations.
Each one of these requires access to internal enterprise resources, and therefore needs to be assigned an enterprise identity. However, the existing system struggled to control the access granted to staff.
Working closely with the internal teams, Amido advised them on the right way to get the best out of ForgeRock’s Digital Identity technology stack, a modern identity management platform that was ideally suited to their needs.
We decided to counter the client’s roles explosion problem by moving them to a hybrid Attribute-based Access Control (ABAC) model, with some level of Role-based Access Control (RBAC). This was a nine-month project which reached completion in late 2018. In addition, Amido worked hand-in-hand with the client to resolve the issue of identity duplication: every user joining the enterprise is rigorously checked across a broad range of data points to confirm that a new identity is required.
"The identity platform has provided our enterprise client with the foundation on which to build comprehensive, global access management. By improving automation, security and governance, this world-leading company now has a modern digital identity technology system that is ready for future growth."
Steve Jones, Principal Consultant
Enhanced security, automation and governance
The solution creates a single Active Directory domain to replace the company’s three existing domains, giving them a single view of their 30,000 employee identities.
Improved efficiency through automation
The solution has dramatically reduced the number of duplicate identities, bringing the organisation’s identity roles and security groups back under control. Reducing duplication of effort also makes governance and security processes easier.
Foundation for comprehensive, global access management
The technology gave our client the capability to assess their internal identity management and simplify it going forward.