With over 5,300 stores in 80 regions around the globe, this client is a major player in the retail market.
Their IT organization was, and still is, structured as one central IT department with five national departments. It consists of 110,000 identities dispersed across the organization. These identities were managed using a custom Microsoft-based application that was configurable to support the unique requirements of their business in each country. As such, it was difficult and expensive to administer, customize, and manage.
Specifically:
- There was a massive SAP landscape to manage with multiple access points
- There was a large number of applications within this landscape (most of these applications were in .NET)
- Individually developed interfaces for these applications were also created. (These proved less than flexible and far more challenging to manage than anticipated.)
- These were non-optimal for supporting the legacy applications and processes critical to business operations
- The IT infrastructure was dated and rigid, and thereby hindered growth, progress, and innovation
- Collectively, it was proving too expensive in what was, and still is, a cost-conscious industry.
These factors led them to initiate a global transformation program. Their goal was process optimization to consolidate a more manageable IT landscape that would support ongoing global expansion and growth.
Unique differentiators of the solutions
EmpowerID’s solution comprised 3 principal differentiators:
Workflow Design Studio
Workflow Design Studio (WDS), our unique graphical drag-and-drop interface and design tool, provided faster development, deployment, and reconfiguring of processes, resulting in:
- Faster development and deployment of applications
- A closer and more efficient match to business requirements
- The ability to rapidly modify business processes (in response to environment, industry, legal changes, etc.)
Provision of Shared Services
The platform was developed as a single .NET platform that utilizes a set of shared services across all modules: a single workflow engine, Identity Warehouse, user interface, authorization engine, audit log, and API.
- The customer’s current application was all in .NET, so we were able to reuse some of the IP. This helped to significantly reduce time and cost during implementation.
- Their existing team was already well-equipped for EmpowerID’s platform, so this not only facilitated knowledge transfer but also minimized overall risk for a project of such magnitude.
RBAC/ABAC authorization engine
Our unique polyarchical RBAC/ABAC authorization engine will result in fewer roles and a more flexible permission management model. This model will:
- Make the customer’s permissions management system better able to match its requirements concerning hierarchies and attribute-driven assignments
- Deliver significant savings due to there being fewer roles to manage and audit to achieve the same desired outcome
Implemented solution
They needed a more flexible role structure to support more automated, streamlined processing and to ensure proper regulatory compliance. EmpowerID was designed to manage exactly this type of large, distributed global organization and to provide an integrated and effective technology ecosystem that can grow and expand as the enterprise evolves. The product suite, once completely implemented, will provide them with:
- A unified identity model that ties together the myriad application and system identities that enterprises accumulate.
- A single point of reference for understanding and managing a person’s presence within the technology ecosystem.
- A common integration and federation platform with a consistent, flexible, configurable, and standardized interface. This is essential for building new technological partnerships as the application environment expands and evolves while still supporting the legacy applications and processes that are critical to business operations.
- A flexible and configurable role structure that provides an organizational architecture upon which to build an automated provisioning, access management, and delegated resource management system.
- An access governance platform with comprehensive auditing, approval, enforcement and recertification capabilities.
- A user-friendly portal interface that can be used by both end users and administrators to manage enterprise directory objects, request access and resources, and perform self-service password management.
The core platform and modules that are implemented are built on a single set of services. This will offer easier implementation, improved management, better performance, a superior user experience, high scalability and a lower cost of maintenance and support. In addition, the entirely workflow-based architecture based on the latest Microsoft technology allowed the customer to incorporate existing code and replicate its business processes without compromises.