Unifying Users, SAP Applications and Data Through an Identity Management Strategy

Challenge

An identity management framework would provide appropriate access to the company’s technology resources throughout their lifecycle, without compromising security. Improving the security and regulatory compliance while making it easier for users to log onto multiple applications would reduce the password management burden on the IT department and the costs of provisioning.

The solution would centrally manage users’ identities across the employee’s lifecycle, assign system privileges and determine the resources each identity has access to. It would also provide key auditing and reporting information related to identity management.

Solution

Gartner Magic Quadrant IGA (Identity Governance and Administration) leader SailPoint’s IdentityNow, a SaaS product, emerged as the preferred application. Turnkey Consulting was chosen as the implementation partner. Okta would be integrated into the solution to provide secure single sign-on capability.

The client Identity and Access Management Service Manager says, “Our cloud-first strategy and the fact that both Gartner and Forrester had set SailPoint apart, made IdentityNow the clear leader in identity management”. She continues “Turnkey Consulting was recommended to us as an implementation partner with key SAP expertise”.

The project scope included several key applications including SAP, ServiceNow and SuccessFactors. The solution was to be rolled out across different geographical regions to a user base of up to 5,000. The project was delivered by Turnkey in three implementation phases; password management, access provisioning automation and access certification.

Users were given a single synchronised password for all applications connected to IdentityNow. It reduced help desk calls and strengthened security thorough the consistent enforcement of password policy. Access provisioning reduces human error by determining the correct entitlements an employee has and ensures appropriate Segregation of Duties through rolebased provisioning.

Access certification provides full visibility of all employee accesses to management and monitors whether they are in line with the user’s role and responsibilities. Additional access can be granted or revoked, reducing risk of potential Segregation of Duties’ violations.

The Identity and Access Management Service Manager concludes, “This solution was wholly fit for purpose and we were really pleased with the work that was carried out by Turnkey.”

Benefits 

Password management

•  Lower operational costs due to reduction in help desk calls for password resets and time spent locked out of accounts
• Strengthened security through consistent enforcement of password policy
•  Unified and centralised password management across data centres, cloud and mobile resources

Access provisioning

•  Automated routine provisioning processes reduces human error
•  360-degree visibility of all user access and entitlements
• Day one productivity empowers users to perform their work immediately from any location, with automated, intuitive access
•  Segregation of Duties is guaranteed through role-based provisioning policies

Access certification

• Users get only the required levels of access to perform their role
• Reviewers can easily access the certifications even on mobile devices
• Easy detection of vulnerabilities ensures low risk strategy 
•  Prevention of ongoing user entitlement creep and potential Segregation of Duty violations.