Implementing Automated Identity Governance for a Leading Global BPM Organization

About Client: Leading global BPM organization
Industry: Business Process Management (BPM)
Service: Identity Access Management and Identity Governance

The company uses a wide array of client business applications, with 30,000 employees serving over 100 organizations worldwide. Given the scale of their operations and resources, they needed an automated, comprehensive IAM solution to protect their assets and customer data and empower users.

Business Challenges

The BPO was expanding rapidly, with many applications and infrastructure hosting environments extending beyond the enterprise perimeter. This led to the realignment of IT, business, and security needs. The company also saw rising adoption of client applications due to rapid growth and a surge in employee strength.

They were using traditional IAM solutions, which were customized to various business needs. Manual maintenance was challenging, and tracking audits and compliance was getting cumbersome.

Complexity crept in and led to hiring highly skilled and expensive resources to implement and maintain these solutions, delaying the large-scale, organization-wide adoption of IAM controls. The company lacked the domain expertise to design, implement, and operationalize an advanced IAM solution that could be orchestrated with every tool, system, and asset across the enterprise.

Solution Framework

Mitigate Access Risk

  • Timely and guaranteed access deactivation for employees and temporary staff.
  • Eliminate unnecessary access to business applications and enterprise services such as project distribution lists, internet service, printers, shared folders, etc.
  • Approve and recertify access to business applications.
  • Enforce access control policies and automatically detect violations.

Increase Operational Efficiency

  • Rapid and error-free access provisioning in case of employee onboarding, promotion, and transfers across customer projects or locations.
  • Eliminate paper-based approvals with digital approvals to ensure easier archival and audits.
  • Increase user productivity and experience with reliable time-bound IT services.

Enable data integration and data governance

Eliminate IT helpdesk dependency for a high volume of routine tasks, such as:

  • Password resets.
  • Management of temporary staff IT access.
  • Mailing group management.
  • Automate routine helpdesk operations for account provisioning, de-provisioning, and access modification.
  • Automate effort-intensive exercises such as tracking the progress of periodic access review (also known as access recertification).

Solution Approach

The solution intent was to overcome the challenges posed by fragmented, stagnant, and incomplete IAM programs driven by point technology solutions that addressed only a single use case or challenge. The automated solution should function as a sentinel to secure vulnerable assets and serve as a reliable line of defense against malicious users.

Microsoft’s Forefront Identity Manager was identified as the right fit, as it could automate digital identity provisioning, management, and access removal (de-provisioning) across enterprise applications while providing self-service capabilities to end-users.

Solution Highlights

IAM solution achievements

  • 1 hour
    Attained a turnaround time of 1 hour against 40 hours for access provisioning and de-provisioning.
  • 30,000 users and >5000 groups for 25 apps
    Automated access management for 30,000 users and more.
  • 80%
    Reduced helpdesk calls by 80%.

Automated Identity Lifecycle Management

  • Automated access provisioning and removal across 25 applications, including a thriving SharePoint-based ecosystem.
  • Synchronize with HRMS systems to automate profile changes due to promotions or transfers across projects.

Self-service Capabilities

  • Allow end-users to manage their access/password reset and avoid account lockouts.
  • GAL profile management.

Temporary Account Management

  • Approval-based account creation.
  • Time-based account expiration.

Business Impact

  • Overcame productivity loss by rapid onboarding of employees and temporary staff.
  • Strengthened security by removing access on time.
  • Significantly relieved the helpdesk from identity and access management operations.

Disclaimer: This content was created by Aujas Cybersecurity experts. Aujas Cybersecurity is now NuSummit Cybersecurity.