One could almost believe that Ms. Weber wanted to start a revolution, so fierce was the resistance to the centralization of user management. Yet it makes the IT systems much more secure and saves both the individual areas and IT a lot of time. With a lot of patience and persuasion, the project was finally completed on time. Here and there, some grumbling about it can still be heard, but one cannot expect otherwise with such a profound change. Given a bit of time, everyone will get used to approval according to the workflow and the automatic assignment of users and access rights.

The biggest problem was actually the initial setup: creating all internal and external roles, including the associated permissions and access rights, and the complete user matrix. Fortunately, she found support in the workshops with Goldright. Otherwise this would probably have become a Sisyphean task, especially where it was very difficult to obtain clean personnel master data. As soon as this was done, the rest was completed in no time, and the Identity Management system was ready for operation. Now it is working, and all processes and control principles are finally being adhered to consistently.

When IT receives a ticket with the name, the role and whether the employee is internal or external, this triggers the process “Create a new user”. In the first step, the e-mail address is automatically created. The provision of the hardware for the employee is then initiated. In the next step, the future employee is assigned to a team and one or more projects. The rules are based on a comparable employee role, and the users and access rights for systems, IT resources and data are automatically provisioned. In addition, a check is automatically carried out once a day to determine whether the assigned rights still apply to each user. If a system is not used for more than 30 days, it will be automatically locked. This means that every employee only has access to the IT resources and systems they need to work.

Everything is ready for the trainees who work in the various areas during the summer holidays. Now Ms. Weber looks forward to the newcomers’ first working day. Her employees are now also more relaxed and refer to the new workflows with a smile when they are asked questions. And nothing gets lost in an overcrowded inbox anymore.

In addition, internal job changes, parental leave and sabbaticals are now also easy to handle. Simply assign a validity date to the employee's previous role, and after the last working day all accesses and permissions of the previous job are blocked. When changing jobs, all new users and rights are then assigned for the first working day in the new position. In contrast, when an employee returns to the company with an unchanged role, the previous profile with all users and access rights is automatically activated on that working day.
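The daily rights check, the 30-day lock and the validity dates described above, sketched as an added example (not part of the original article and not Goldright's product code). All names and sample data are constructed, and counting inactivity from the start of the current validity period is an assumption, made so that a profile reactivated after leave is not locked again on the day of return.

```python
from collections import namedtuple
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=30)  # "not used for more than 30 days"

# valid_until is the last working day in the role; None means open-ended.
RoleAssignment = namedtuple("RoleAssignment", "user role valid_from valid_until", defaults=[None])
Entitlement = namedtuple("Entitlement", "user system granting_role last_used locked", defaults=[False])

def daily_review(today, assignments, entitlements):
    """Return (action, user, system, reason) for every entitlement whose state must change."""
    # Start date of each role assignment that is valid today.
    active = {(a.user, a.role): a.valid_from for a in assignments
              if a.valid_from <= today and (a.valid_until is None or today <= a.valid_until)}
    decisions = []
    for e in entitlements:
        start = active.get((e.user, e.granting_role))
        if start is None:
            want_locked, reason = True, "role not valid today"
        # Inactivity is measured from the later of last use and role start
        # (assumption), so a returning employee gets a fresh 30-day window.
        elif today - max(e.last_used, start) > INACTIVITY_LIMIT:
            want_locked, reason = True, "unused for more than 30 days"
        else:
            want_locked, reason = False, "role valid today"
        if want_locked != e.locked:
            decisions.append(("lock" if want_locked else "activate", e.user, e.system, reason))
    return decisions

# Constructed sample data: a job changer, a returner from leave, an idle account.
TODAY = date(2024, 7, 1)
ASSIGNMENTS = [
    RoleAssignment("b.mover", "sales", date(2023, 1, 1), date(2024, 6, 30)),
    RoleAssignment("b.mover", "marketing", date(2024, 7, 1)),
    RoleAssignment("c.returner", "developer", date(2022, 1, 1), date(2023, 12, 31)),
    RoleAssignment("c.returner", "developer", date(2024, 7, 1)),
    RoleAssignment("d.idle", "finance", date(2020, 1, 1)),
]
ENTITLEMENTS = [
    Entitlement("b.mover", "crm", "sales", date(2024, 6, 28)),
    Entitlement("b.mover", "cms", "marketing", date(2024, 7, 1)),
    Entitlement("c.returner", "git", "developer", date(2023, 12, 20), locked=True),
    Entitlement("d.idle", "erp", "finance", date(2024, 5, 15)),
]
```

Each returned decision carries its reason, so the same list can be written to the audit trail before the lock or activation is applied.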

Ms. Weber now also looks forward to the upcoming IT audit more calmly, because with just a few clicks she calls up the current or deadline-based 360° view of her Identity & Access Management (IAM). Everything is documented fully automatically and is therefore audit-proof. Even Ms. Schmitt is always smiling, because Mr. Schneider is now asking her about the approval of the campaign budget every month. The management is also satisfied with the introduction of Identity Management, as it contributes significantly to IT security and also protects the company’s critical assets. Ms. Weber and her supervisor are far from finished, though, because in the next step they will integrate access management for the locations and individual areas in the buildings into Identity Management.

