ENGAGEMENT

A large Technology client sought help overcoming significant challenges in scaling its Identity and Access Management (IAM) provisioning and lifecycle management program. It aimed to reduce security risks while increasing employee satisfaction and productivity through automation. Our team was engaged to design and implement a refreshed Identity Governance & Administration (IGA) capability using SailPoint. This core IAM service enabled the Identity team to onboard dozens of high-use, high-sensitivity applications, provision access automatically using predefined rules and execute recurring access audit campaigns.

PROBLEM

The client’s existing provisioning process for employees and contractors was entirely manual for joiner, mover, leaver (JML) use cases. The IT service desk had to navigate dozens of guidelines to determine the appropriate applications and permissions based on worker roles and titles, leading to inconsistencies and delays. Approvals for provisioning were handled manually via email and Slack, further delaying the process. Without a self-service access request portal, users and managers had no efficient way to request access to new applications. Moreover, access audits and campaigns were conducted manually by application admins, which was both time-consuming and error-prone.

SOLUTION

DayBlink Consulting led the implementation of SailPoint and its integration with the client’s existing HRMS, Active Directory and Identity Provider (IdP) solutions. We designed a comprehensive Application Onboarding Process to automate provisioning through SailPoint. By working closely with application owners, we developed role- and attribute-based entitlement rulesets to automate access. For request-based access, we integrated the IGA solution with ServiceNow and Slack to streamline request, approval and fulfillment using a self-service access request portal.

RESULT

The solution empowered users and managers to efficiently handle ad-hoc application access requests. We eliminated the manual reference documents that the IT service desk used for provisioning new user accounts and setting permissions, enabling seamless last-mile provisioning for the joiner workflow. The onboarding procedures we implemented set the client up to onboard its entire ecosystem of applications (over 500) within a three-year period. Our automated approval workflow integration with email and Slack reduced the number of human touchpoints, significantly speeding up the process. We also laid the foundation to automate mover workflows, and enabled the client to conduct automated access campaigns on a predefined schedule based on application classification. This not only returned hours to an overworked IT team but also enhanced the overall security posture of the organization and drastically improved employee satisfaction.