Modernize Identity management operations for a Global financial services portal supporting 800,000 customers, staff, and partners operating in 23 countries. The portal supports segmented integration with multiple identity sources including cloud, SaaS, on-premise, and mobile service providers. Identities are stored in multiple directories according to business workflow. Access policies, analytics, and consents are managed within each directory or application. Due to frequent M&A activity the portal is continually adding and removing new applications and directories. Lack of unified operations has caused user account retirement failure, over-entitlement, risky personal data sharing, and slow on-boarding of new services.
- Personal data must not be shared across organizations
- Partners and customers must not access the corporate network
- Partners and customers must login with existing credentials and directories
- Corporate Identity directories must remain separated due to regulatory mandates
- Access cannot be shared without explicit permission and restrictions
- Regulate access policies for specific products and groups
- Tiered access policies to control multiple roles and groups from different companies
- Mutual access and retirement controls for customers and partners
- Custom terms, conditions, and consent management for each user and product type
- Global access policies to govern all directories, applications, and user types
- Solution must scale and reside in the Cloud
- Solution must provide business intelligence analytics for compliance and license management
- Must operate with existing Identity and cloud security infrastructure services
- Must support incremental adoption vs big bang deployment
- Must reduce to cost of operations and accelerate service deployment and retirement
IdRamp Identity Fabric was deployed to implement adaptive access policies across disparate identity sources. Customers and partners were provided with “bring your own identity” (BYOID) access by connecting their directories to the IdRamp policy fabric. This reduced the number of identity accounts and the need to share personal information. Policy controls were provided to partners and customers allowing custom configurations for each relationship. Global, terms and consents were deployed for each service incrementally.
Vertical markets were on-boarded gradually to ensure no business disruption. Since IdRamp is a plug and play fabric no re-platforming was required. This allows the organization to add or subtract directories on demand with no downtime or expensive migrations. Imminent platform upgrades to existing identity and security infrastructure inter-operate seamlessly to protect business experience during complex changes. New applications plug into to the fabric for on demand integration with any combination of directories and access controls.
- 40% reduction in the number of identities managed
- 80% increase in the speed to deploy or remove new service and applications
- 20% increase in revenue to support new use cases with complex data regulations
- 60% decrease in operations cost required to manage access and integration
- 25% decrease in SAAS license requirements due to centralized analytics across all application
The identity and access management landscape is treacherous with every new IAM provider and SAAS application competing to sell you their identity stack. The traditional model of one platform for all cases is not sustainable or efficient. Contact IdRamp to learn how a decentralized fabric can help transform your organization.