IdAM provides missing link to simplifying onboarding process at central Government Agency
The Agency were undertaking an exciting period of digital transformation. Part of this programme involved simplifying and standardising the process for onboarding employees, moving them to new job roles or departments, and handling their departure from the organisation.
The process in place was very manual and required paper forms to be filled in by hand with user information and then scanned to the helpdesk for IT to create or amend a user account. This led to several issues:
- Inconsistent data quality in the HR system
- Weakened security as users were left with access to systems they didn’t need within Active Directory when moving to new job roles or departments
- Similar positions labelled with different titles leading to confusion over which titles needed what access
- Misconfiguration of permissions with some users wrongly having elevated privileges
- Difficult to comply with GDPR as there was no ability to perform audits or generate reports to see who had access to what
From our discussions with the Agency, Identity and Access Management (IdAM) was identified as offering the best potential to combat these issues. IdAM is a service for managing digital identities and user access to an organisation's systems and network. By creating a unique digital identity, it gives users access to the networks and systems they need, while restricting access to those they don't.
After a competitive tender process, RedRock were chosen as the Agency's delivery partner to support this programme.
At RedRock, we underpin all our Managed Professional Service engagements with the same core values:
- Client enablement
- Teams of excellence
Each engagement is directly overseen by one of our Technical Directors to ensure this. From the outset, our Technical Director collaborated with the Agency to ensure we fully understood the project’s desired outcomes. This also included monitoring progress and performance, providing updates and support where necessary.
The challenge with IdAM is that it is difficult to implement within an organisation, regardless of size, and has various challenges to overcome for a successful delivery. This is due to IdAM affecting large areas of the business including:
- All users of the system
- Numerous business processes
- Every IT application
- All infrastructure components
Because of this, a successful delivery requires input and cooperation from many departments and teams, an effort which can be difficult to organise.
With this in mind, and from our discussions with the Agency, we were able to provide the following:
- Business Analyst
- Senior Solutions Architect
- Both experts in their field with a history of delivering successful projects
- Team co-located with in-house team within 4 weeks from the initial request
Due to the large, quality resource pool we have built up at RedRock, we are able to select specialist teams based on their ability to meet our client's needs, rather than just utilise who we have available at the time.
Our team engaged with the Agency and all other stakeholders, holding a series of meetings and workshops to ensure everyone involved had a chance to discuss the current issues, and fully understood the process and technical infrastructure already in place that needed to be mapped onto the IdAM server.
Our approach to ensuring a successful delivery was to complete a discovery report comprising:
- As-is state
- To-be state
- Solution options
This fully costed report was split into modules and presented to the Agency to ensure they could review the issues, recommendations and timelines to resolve these, giving them a full understanding of the process.
One of the key findings from this was that there were issues with the current data quality in Oracle Fusion, their HR system. Large numbers of user accounts weren't assigned a job title, line manager, department or employee ID. This meant the data couldn't be properly synced with Active Directory, preventing a successful IdAM delivery.
To overcome this, we are working closely with HR and Heads of Departments to agree upon reducing and standardising job roles across departments and divisions, then applying changes to employee contracts. This process requires support and sponsorship from the highest levels of the organisation to successfully implement.
Once a reduced profile of job roles has been agreed and rolled out, each employee's job role will be updated within Oracle Fusion and these updates can then be synchronised with Active Directory.
The discovery phase of this project is now complete and as a result of our findings, and from discussions with the Agency’s stakeholders, we will shortly begin the process of implementing IdAM to achieve the following:
- Effective records management enabling a swift response to GDPR information requests
- Improve security process – full control over who has access to systems
- Role Based Access Control – align employee identities with job role profiles providing access to applications, resources and services
- Privileged Access Management to improve control of administrative access to systems, ensuring the right level of access is given to appropriate users for the right amount of time
- Microsoft Identity Manager – synchronise identity data between various systems such as Active Directory and Oracle Fusion
- Public Key Infrastructure – issues and revokes security certificates to users, enabling the secure, encrypted transmission of data across networks, including the internet
- Introduce workflow approval process to improve accountability and auditing measures
- Vastly improve end-user experience
- Reduce IT administration and help desk costs
- Improve employee productivity from features such as self-service password resets
- Improve understanding of the identity infrastructure within the Agency
Our relationship with the Agency has gone from strength to strength and we have successfully supported them with numerous projects as part of their wider digital transformation, providing them with experienced and reliable teams who are able to hit the ground running and work collaboratively with the Agency.