Implementing MIM for Standardized Identity Management and Improved Compliance
Oxford Computer Group implemented MIM at a networking and telecommunications company to improve identity and access processes and increase compliance with governmental regulations.
Challenge
A networking and telecommunications company has a limited solution in place for managing identities and access rights for their employees across the various systems that they use today. The current processes place a significant burden on the IT personnel as they must create, update, and retire identities across multiple systems using tools and processes specific to each system. This is time-consuming and error-prone, affecting user productivity and impeding organizational agility.
Our client’s lack of automation based on corporate policies, together with the lack of integration with authoritative sources of data, produces incorrect or stale information. This leads to audit failures and expensive remediation efforts.
Our client wishes to standardize identity and access management on a single platform that will allow them to implement and enforce their policies centrally, all while still providing the flexibility to delegate administration roles as needed.
Solution
Oxford Computer Group (OCG) implemented Microsoft Identity Manager (MIM) as the platform of choice to perform key identity management functions.
Employee, Contingent Worker and Partner Management: User records are imported from the client’s HR system and provisioned, updated and disabled in Active Directory, ServiceNow, and Exchange Online. Certain attributes like email address and account name are written back into the HR system.
Admin Account Management: Employee, contingent worker, and partner records with an Active Directory Admin account are joined up to MIM for management of AD Organizational Unit location, Account Status and Group Membership.
Photo Synchronization: MIM imports the HR system’s photo for a user and synchronizes the photo to Active Directory and Exchange Online.
Group Management: MIM manages a subset of criteria-based groups whose membership is derived from the client’s HR system for the purpose of providing birthright access. MIM flows the appropriate attributes from the HR system to Active Directory to support automated group and access management for applications that are not directly connected to MIM.
Delegated Administration: Administration is delegated in MIM so that administrators can perform tasks on employees, contingent workers, and partners that are outside of the normal automation process.
Benefits and Outcomes
- Streamlined identity and access processes by automating access provisioning and de-provisioning across various systems.
- Lowered administrative costs by reducing the current burden placed on IT through automation, self-service and delegation of administration.
- Improved user experience by ensuring that new employees, contingent workers, and partners have the access they need starting day one to be productive.
- Increased regulatory compliance with governmental and commercial regulations through the enforcement of corporate policies relative to identities and how their associated entitlements are managed.
- Created a standardized identity platform by establishing an identity framework solution that all current and future applications and identity repositories utilize as part of the identity lifecycle.
Next Steps
Now that our client has a solid IAM foundation for birthright provisioning, they are looking to mature further and begin building their Identity Governance and Administration (IGA) capabilities. Specifically, they want to build out role-based access, attestation, and separation of duty capabilities.