SailPoint Identity Now

1. Industry- E-commerce | Product Integration- Identity Now

Beginning:

This story is about an e-commerce giant in India valued at over USD 100 billion. It was a very challenging task for the IT teams here to securely manage the systems where more than 800 employees and 400 contractors were using them regularly. They wanted to secure their internal applications using identity governance by implementing SailPoint Identity Now.

So, they began researching and spoke to some of the biggest firms in identity governance. After talking to several market leaders, their team generated a list of selected firms, which included ENH. They connected with us (ENH iSecure) by visiting our website and completed a POC (Proof of Concept) that contains over 200 questions covering self-service for requests, risk calculations based on identity and application profiles, non-employee lifecycle management (NELM), and things like the access request module. ENH experts then established a new, temporary POC environment for them to illustrate their proposed solutions.

Goal:

1.??To implement the Identity Management system with following goals

A. ?Automate the following processes.

?? End to end user lifecycle management

?? Role based access control.

B. ?Reduce help desk costs with the following processes.

?? Self – Service for access request

C. Improve governance with the following features.

?? Access certification for manager, application / group owner

??Preventive and Detective SoD policies

??Risk calculation based on the identity and application profiles.

Threat:

Before implementing SailPoint Identity Now, ENTERPRISE was using JIRA Service Desk as their UAM portal. The process involved a lot of manual intervention in providing access to employees.

Also, for any new employee or contractor joining the organization, the HR team and IT team would need to manually update their details and assign the resources accordingly. Governance of all identities was also a major challenge as it resulted in validating all the UAM tickets raised manually, and the access associated with the same.

Due to human intervention in the process it led to resulting in delays, errors in the process.

Solutions:

ENTERPRISE has implemented Lifecycle Management Module, NELM Module and Access Request Module in SailPoint Identity Now. The below features have been implemented.

1. ?Joiner, Mover, Leaver for all employees. Any employee’s access present in their HRMS system is managed through SailPoint Identity Now. All the accounts and accesses required for a new joiner on his first day are automatically created and provisioned through Identity Now. Also, for any employee leaving the organization, all his accesses and accounts are disabled after their last working day.
2. ?Contractors On-boarding, Offboarding can be managed through NELM module. All the accesses can be managed & governed through NELM in Identity Now. For any Contractor joining the organization, it is important to have all his accesses ready on his joining day and it is necessary to separate their records from HRMS. With the NELM Module, it is possible to create their accounts with a single upload of a file and all their records are maintained in the file.
3. ?Any employee/ contractor can raise a request for themselves and the team as well using the Request Centre of Identity Now, and the approval is automatically routed to the Manager. Based on the decision, the access is granted/revoked for the user automatically.

Unique Use Cases Implemented:

1. ?Disabling an account in any application automatically once all the roles are revoked- For any user, if all his roles are revoked in any application, but is an active employee, his application account is disabled automatically by SailPoint. This was an additional requirement for the customer as per their audit results.
2. Handling exception cases in HRMS where if an intern joins as a permanent employee, the HRMS & AD account records are not changed.
3. Drop-out case- Deleting all the records of a new joiner, if he/she does not join the organization post their joining date- For any employee who does not join the organization after accepting their offer letter, all his account licenses are already assigned.

Key Takeaways

Key takeaway was that SailPoint Identity Now can automate user lifecycle management use cases and centralize access for the employees and contractors present in the organization. It will also enable the management of the organization to have a simplified way of governing access through a single portal and will help with insights for their decision making.

?