Business of LEROY MERLIN develops at high rate and IT department should keep providing all tools required for work up-to-date. Things that yesterday met the requirements of the business today may prevent the operational work of employees and seriously reduce its quality without proper optimization, and even major changes in the architecture of service.
Due to the widening of range of services being provided, the IT department was faced with the need to create and maintain the up-to-date identity information for the accounts of all employees - and these are thousands of additional items.
Seeming simple at first glance, the task raised serious questions:
Who will maintain the actual state of Active Directory user objects and their fields: phone, e-mail address, location of workplaces and so on?
- How to provide deployment of and meeting the naming policies for both new and existing user accounts?
- How to carry out mass creating of user accounts with correct field values and attributes with minimum effort?
On having discussed possible ways inside the company and estimated advantages and disadvantages, the managers decided to choose Microsoft Forefront Identity Manager 2010 R2.
Effective solution of escalated tasks was to create system of identity management automation.
And to do this it was necessary to deploy unified object naming policy in the infrastructure systems.
Within the project scope experts of Clearway Integration have designed and implemented identity management system based on Forefront Identity Manager. The basic concept of the solution is data centralization based on the human resource database that acts as a repository of the source, relevant and accurate information about employees.
Basing on data from HR database following scenarios were developed and implemented:
- Creating and managing of employee’s identity data in external systems (active directory, mail organization) when new employee is hired;
- Well-timed changing of data in external systems during the whole life-cycle of information about employees in the HR database;
- Temporary locking user accounts and removing user credentials for external systems in case employee leaves.
In addition to the main task – receiving up-to-date information from external systems according to HR database – objects were brought to unified naming system, which was planned to be realized for a long time.
It has allowed not worrying about human factor influence – data about employees are synchronized automatically, information is kept up-to-date, a great scope of work is removed from the first line of technical support and automated.
Project implementation allowed automating routine tasks and reducing time of their performing, making data in main infrastructure systems unified and consistent, deploying unified approved object naming policy and providing meeting it, laying the basis for further implementation of role-based management of access to company’s network resources.
LEROY MERLIN company recognizes that functionality being deployed does not cover even half of FIM 2010 features and now they are considering possibility to develop the system.
The main goal is to automate management of access rights based on employee’s data – position, department, manager and others. IT department of LEROY MERLIN is sure that Clearway team will be able to help them in achieving this goal.
After considering the results of the finished project, the company surely says that it is rare to find a system integrator that is capable to deploy such a complicated system at such a high quality level.