Initial situation

Unfortunately, each identity solution was hosted on a different platform and outdated. This not only created a complex integration architecture but also hindered the adoption of new technologies and strategies, including its cloud/SaaS strategy. Consequently, both from a financial and human resources standpoint, they were becoming increasingly costly and problematic to maintain.

At that time, they had also developed a new enterprise identity strategy. The purpose of this strategy was to serve as a centralized identity repository housing the attributes of, and relationships between, the Core, Professional, and Output identity objects that make up the organization’s identity landscape. This strategy stipulated 4 principal requirements:

  • Data aggregation: the repository was to aggregate inputs from all the disparate authoritative identity sources, such as HR, Self-Service Portals, IAM Framework, Feedback Divisions, Global Email, and other providers.
  • Lifecycle provisioning: this aggregated data would then provision and maintain the lifecycle of the many digital identities that would be used in both internal and external enterprise business applications.
  • Lifecycle role management: an enterprise role management architecture and governance structure around identity lifecycle processes management was required. This role architecture should be able to facilitate the segregation of resources into delegation perimeters for purposes of management and administration.
  • Comprehensive audit capabilities: the platform must also provide the ability to audit and track back all identity processes throughout their lifecycle to their source with comprehensive audit logging and reporting.

Implemented solution

EmpowerID started implementing the solution in early 2018. This included the centralized management of the Core Identity Object, the Professional Identity Object, and the Output for all identities and supported systems across the entire scope of their 3 major business units.

  • Our extensive RBAC/ABAC hybrid Role and Location security model will be configured to manage their complex ecosystem. This includes Employee, Vendor, Supplier, Partner, Company, and Customer.
  • Core identities will be created as master person identities within the Identity Warehouse
  • All professional and output identities and attributes will be linked to the core identity. This will provide a unified view of the core identity with all affiliated and dependent object relationships.
  • EmpowerID connectors will be integrated with the various authoritative sources of identity information. This will provide near real-time synchronization of attributes and relationships with objects in the platform’s identity warehouse.
  • EmpowerID’s business rules and policy engine will be configured to evaluate the roles and relationships of the core identity. It will then provision, de-provision, and update the identities and relationships in target systems according to the configured policies and business rules.
  • Each integrated system within our management scope will have its own synchronization rules and policies governing the identity and access lifecycle.
  • EmpowerID RBAC roles and access security will be configured to establish internal management perimeters within the administration console. This will provide visibility and authorization segregation of the company and identity data enabling authorized users to be able to manage their specific area of authority.
  • This security configuration can be performed through standard processes without the need for coding or custom development. Provisioning and access policies can also be targeted to specific perimeter scopes allowing for full business process segregation between organizational and functional perimeter boundaries.