Implementation of a new SailPoint-based Identity Management System incl. user migration

22. March 2021

Background

Following a spin-off of a significant portion of the business, the newly formed company had to implement a new and independent solution for its Identity Management. It was important that the new solution support our customer’s IT strategy of “public-cloud first”.

Starting Point

When the program kicked off, our customer still depended heavily on the IT infrastructure of the former joint company. User accounts were distributed across several Active Directories as well as a Novell eDirectory, all of which were under the control of the previous company. At this point in time, all new user accounts had to be created in the legacy environment; the required technical independence had not been realized.

Characteristics

Under no circumstances was a disruption of the users’ daily work acceptable during the implementation or migration. Additionally, due to a complete restructuring of the client infrastructure, cloud-based authentication in Azure AD was needed.

Implementation

The program was split into several, partly independent sub-projects. The implementation of SailPoint was handled with an agile management approach, while all other activities (AD user migration, migration of apps with reference to authentication and federation, implementation of cloud technologies etc.) were handled with a waterfall management approach. To organize the work of the (sub-)projects, we relied on Atlassian Confluence & Jira as well as Azure DevOps.

During the project, the following technologies were used and implemented: SailPoint IIQ, AADC, Windows Hello.

Customer Benefit

This program was not only a necessary step following the legal split; it was also an essential enabler for several follow-up projects to comply with the customer’s new IT strategy (“public-cloud first”). The user onboarding process has been entirely automated and allows any new starter to start working directly with almost any client, e.g. from home, and to immediately access all apps which have been assigned to them.