The Challenge

A central government agency was in the midst of a major digital transformation programme. A key part of this work was improving how employees were onboarded, moved between roles or departments, and offboarded when they left the organisation.

The existing process was heavily manual. Paper forms were completed by hand, scanned and sent to the IT helpdesk, where user accounts were created or amended. This approach created a number of operational, security and compliance challenges:

• Poor and inconsistent data quality in the HR system
• Increased security risk, with staff retaining access to systems they no longer needed when changing roles
• Inconsistent job titles, making it unclear which roles required which system access
• Incorrectly assigned permissions, including unnecessary elevated privileges
• Limited audit and reporting capability, making GDPR compliance difficult

Through early engagement with the agency, Identity and Access Management (IdAM) was identified as the most effective way to address these issues. IdAM provides a structured approach to managing digital identities and access, ensuring users have the right access at the right time, and no more than they need.

Following a competitive procurement process, RedRock was appointed as the agency’s delivery partner for the programme.

 

Our Approach

RedRock’s Managed Professional Service engagements are built around three core principles:

• Client enablement
• Teams of excellence
• Impartial advice

The engagement was led by a RedRock Technical Director, who worked closely with senior agency stakeholders to agree outcomes, oversee delivery and provide assurance throughout the programme.

Implementing IdAM can be complex, regardless of organisation size, as it impacts almost every part of the business. It touches all users, many business processes, all applications and the underlying IT infrastructure. Successful delivery therefore requires coordination across multiple teams and strong stakeholder engagement.

To support this, RedRock rapidly mobilised a specialist team, co-located with the agency within four weeks, including:

• A Business Analyst to capture requirements and map business processes
• A Senior Solutions Architect to design the technical approach
• Both consultants brought deep experience of delivering IdAM solutions in complex environments

 

Our Solution

RedRock worked closely with the agency and its stakeholders through a series of workshops and working sessions. These focused on understanding current challenges, existing processes and the technical landscape that would need to integrate with the IdAM platform.

A structured discovery phase was completed, resulting in a detailed, modular and fully costed report that set out:

• Key findings and risks
• The current (“as-is”) state
• The future (“to-be”) target state
• A range of solution options
• Clear recommendations and delivery timelines

This gave the agency a clear view of the changes required and the steps needed to achieve a successful IdAM implementation.

One of the most significant findings was the quality of identity data held within Oracle Fusion, the agency’s HR system. Many user records were missing critical information such as job role, department, line manager or employee ID. This prevented reliable synchronisation with Active Directory and posed a major risk to any IdAM solution.

To address this, RedRock worked with HR and senior leaders to rationalise and standardise job roles across departments. This included agreeing a reduced set of role profiles and updating employee contracts where necessary. Strong executive sponsorship was essential to drive this change and ensure consistency across the organisation.

Once agreed, job role data could be updated in Oracle Fusion and reliably synchronised with Active Directory, creating a stable foundation for IdAM.

 

The Outcome

The discovery phase has now been completed, and the agency is preparing to move into implementation. The IdAM solution will enable a step change in how identities and access are managed, delivering a wide range of benefits, including:

• Improved records management, enabling faster and more accurate responses to GDPR requests
• Stronger security controls, with clear oversight of who has access to which systems
• Role-based access control, aligning system access directly to standardised job roles
• Privileged access management, ensuring administrative access is tightly controlled and time-limited
• Integrated identity management, synchronising data across systems such as Active Directory and Oracle Fusion
• Public Key Infrastructure, supporting secure and encrypted data exchange
• Automated approval workflows, improving accountability and auditability
• A significantly improved user experience for employees
• Reduced IT administration and helpdesk effort

Increased productivity, including self-service capabilities such as password resets

Greater visibility and understanding of the agency’s identity and access landscape

RedRock continues to support the agency across multiple initiatives within its wider digital transformation programme. The relationship has grown into a trusted partnership, built on experienced teams, rapid mobilisation and collaborative delivery.