Building IdAM Integration / Cloud Based SSO

When a substantial player in the Australian Health Services Industry encountered problems with its whole-of-business transformation (locally and internationally), it called in Envisian’s technical integration experience and vendor management skills.

The issues arose around creating a centralised suite of IT Shared Services, implementing a common Human Resources Information System (HRIS), integrating Active Directory services and email domains and consolidating datacentres and network services.

When we came on board, the client had already identified that disparate naming conventions and data challenges were preventing Workday, ServiceNow, Active Directory and other common applications from integrating smoothly with the client’s preferred Cloud-based identity and access management solution, Okta.

Our audit of the client’s current people processes, workflows and systems also found there were ingrained cultural barriers in the form of a general lack of appetite/awareness to use and maintain people data to empower the business, a prevailing mis-conception that Single Sign-On (SSO) was technically difficult, and an on-premises Active Directory focus, which ignored Cloud-based authentication / authorisation options.

When we mapped the workflows between associated systems to assess impacts to the business, we identified that significant manual processing was capturing incomplete or inaccurate data across multiple systems, impacting the effectiveness of the SSO solution.

We started by setting up a data quality task force within the client’s People Services division to help us lay stronger foundations for automation through new standards and procedures, updated policies, and increased governance.

On the technical side we enabled HRIS-driven provisioning in Microsoft Directory Services, and leveraged Okta best practice to build Active Directory access from ‘blank’ Active Directory template and to facilitate instant account creation and updates from Workday.

We used Okta’s improved functionality to apply a superior balance of security and usability, which allowed us to provide a consistent view of applications to all users (improved SSO capability) and to simplify the complex security requirements for application owners (adaptive Multi-Factor Authentication).

Finally, we trained application owners to configure and maintain SSO in their application domains and developed the Okta application portal to allow users seamless access to their applications from mobile and other devices.

Our work refocussed the IT culture and delivered a smooth integration and significant process improvements, which reduced two FTE resources and lowered licensing and audit costs.  Most importantly we improved staff user experience.

The client valued our independence, our in-depth knowledge of latest technologies, and our vendor management capabilities, which combined to ensure the project achieved its stated benefits on time and to budget.

For more information talk to our CTO, Damien Pedersen: