Companies in the banking, finance and insurance fields are strictly regulated with considerable penalties for infringements. They are frequently required to demonstrate proof regarding IT system access. Consequently, they need to have complete visibility over identities and access permissions while allowing for evolutions in these financial industries. The industry’s approach is increasingly client-centric and assignments – and therefore access rights – attributed to agents, advisors, or brokers must evolve constantly.
Identity and access management is subject to periodic review as well as audits and reporting that allow each company to know who has access to what at any given moment.
Discover the details of a project conducted for a CAC 40 International Banking groupInside this banking group, their IT economic interest group’s mission is to develop banking software used centrally and in regional branches. This smaller group is comprised of 5 300 users and serves 150 000 users. The first objective was to improve user arrivals, movements, and departures.
Other expected functionalities included:
- Central reference repository management (with multiple sites and companies), software entitlements, physical materiel entitlements, and user records
- Identity Lifecyle management with parametrized workflows and other customizations
- Access rights management (user profile management, roles, and workflows)
- Reconciliation with existing user access data (initial imports and automatic updating)
- Decentralized administration
- Self-service user portal
- Compliance tracking according to inhouse security standards
- Data exports
- Simple web-based user interface
Other goals of the group were to harmonize the banking network, to provide a solution for the centralized construction of business roles and application roles, to reconcile and provision numerous applications (Active Directory and Active Directory forests, 80 mainframe partitions, Top Secret, LDAP, webservices, SQL, etc.) and to put into place a system of entitlement management by job titles/categories.
Usercube was chosen after a four-day Proof of Concept.
Once installed On-Premise, Usercube manages 8 500 users, 1 100 000 accounts, 8 million security groups, 500 business roles, 4500 application roles and 585 000 technical roles (for fine-grained access control).
The mainframe connector for Top Secret provisions and reconciles 800 000 accounts and 5 million entitlements in 10-20 minutes.
Discover the details of a project conducted for a mutual insurance groupThis group is one of the most important mutual insurance groups in France. It has 17 000 employees and 5.3 million members. While it initially specialized in insuring physical assets, the group slowly diversified its activities. Today it works in the fields of healthcare, pensions, savings, life insurance and the banking industry. The old identity management system was obsolete, expensive and required too many manual operations.
While restructuring, the group wanted to launch a new IGA project. The project had five goals: :
- Entitlement compliance by business profile
- Entitlement governance
- A new tool for requesting and managing user access
- Coverage of the totality of the group (the company and its affiliates)
- Management of internal identities (12 000) as well as external identities (5 000)
The Request for Information went out only to software publishers referenced by Gartner and also to Usercube, indicating the success of its publisher/integrator positioning.
Usercube was short-listed after an initial Proof of Concept. The second Proof of Concept drew attention to Usercube’s catalog of entitlements that could address all the complex use cases of the group.
In May of 2019, the solution was officially chosen, with a major integrator doing the build for an on-premise installation..
Because Usercube’s on-premise and SaaS solutions are identical, the run phase of this product will be executed as SaaS which aligns perfectly with the group’s IT strategy.
Defense organizations, and other sensitive industries, are subject in France to the Military Planning Act which impose certain practices related to identity and access management. The governance put into place should allow working in evolving, resilient and deployable structures especially when these structures are used in joint operations or industrial ecosystems which require collaboration with outside organizations for complex and/or global projects.
Identity access and management must therefore integrate strict processes including multiple approvals, periodic reviews, audit and advanced reporting functionality that permits constant visibility regarding who has access to what at any given moment.
Discover the details of a project conducted for a european industrial naval groupThis Usercube project’s goal was to replace an obsolete solution that no longer met the company’s needs.
- To replace and centralize the three existing solutions : identity management (off-the-shelf), workflows (off-the-shelf) and an access review system (constructed internally);
- To permit compliance with regulations and security contracts signed with partners and customers.
The solution needed to be able to answer the following questions:
- What are the access rights of a user inside the IT landscape? (Real entitlements)
- Is the entitlement legitimate? (Business role)
- What was the process for obtaining the entitlement? (Entitlement processes)
- What are the access rights of a given user at a given moment? (Tracking)
- Do the actual entitlements correspond to the theoretical entitlements? (Reconciling)
- Are the entitlements reviewed periodically? (Certification)
- Is there a separation of entitlements? (SoD)
The selection process included a very thorough Proof of Concept. Usercube placed first according by measuring up to evaluation criteria including a financial analysis of the company.
Usercube implemented the solution with the customers team, prioritizing:
- A directory and organizational chart
- Workflows for identity lifecycles
- Role mining which permitted an intelligent creation of application and business roles related to targeted applications
- Entitlement management and provisioning for these same applications
Today, the company has appropriated the solution and is autonomous in its configuration.
Usercube, installed on-premise, manages 320 000 identities with 8 500 application roles and more than 250 applications are connected.
Identity governance allows companies in this field to manage identities and entitlements, whether identities are internal or external users (consultants, subcontractors, and vendors).
In this field, identity governance has its most transverse application. Other than security benefits (which are increasingly expected in this field), identity governance creates significant operational and financial gains due to management of identity life cycle processes, clear processes for entitlements and access to physical equipment and/or devices.
Identity access management must integrate, in this increasingly transparent environment, processes that include multiple approvals, periodic reviews, audit and advanced reporting functionality that allows visibility concerning who has access to what at any given moment.
Discover the details of a project conducted for an energy leader listed on the CAC 40This project’s aim was a global improvement of services and a reduction of costs.
The specific goals were :
- Accompanying the transformation of the company
- Offering a reliable identity directory available to IT systems and business departments
- Providing the right resources to the right users at the right times
- Helping the information systems’ transition to cloud services and guaranteeing compliance with the GDPR.
To accomplish these goals, the sought-after solution needed to offer :
- A unique identity reference repository, including all partners
- A structured and standardized entitlement catalog
- Services available for everyone
- Harmonized and simplified identity workflows
- Profile-based management of resources
- A cloud solution capable of integrating the existing IT systems while reducing costs
Usercube was chosen for the following reasons :
- Usercube is a reversible SaaS solution with usage-based billing and no/low code customization
- 80% of their identity management needs are covered natively
- Integration and customization are performed by Usercube itself
- Strong contractual commitments with reversable SaaS and on-premise
- A simple and robust architecture, compliant with the company’s security principles
Usercube also brings these advantages:
- Reliability : Better integration for new user types: employees, consultants, interim users, interns, and partners with better data quality because of modifiable reference lists
- Simplicity : Easy preparation for arrivals, prolongations and departures, with automated resource allocations
- Autonomy : Managers and assistants can directly correct certain information
- Security : Data entry based on official ID, systematic manager approvals, automatic departure and account deactivation
With this SaaS solution, Usercube manages 110 000 identities in 120 countries.
Discover the details of a project conducted for an international cosmetic company
This cosmetic company manages the totality of its products’ life cycles. It produces its own raw materials, transforms and then distributes them while being focused on reducing its environmental impact.
They wanted to put into place a complete identity management solution with the creation of reference repositories (users, sites, departments, resources, etc.), identity lifecycle management, entitlement management, automatic fulfillment and compliance (corrections, reports, audits).
The following was observed in the existing system :
- Little to no advanced preparation for arrivals and departures
- Informal management rules with limited diffusion
- IT resource management according to local and non-uniform practices
- Incomplete processes for attributing and recovering of resources
- Insufficient communication between HR and IT
A search was therefore initiated to find an IAM solution as SaaS that would allow iterative rollouts to their different countries and subsidiaries.
The expected functionality included the following:
- Make available a reference repository containing internal and external users, their functional and hierarchical organizations, as well as geographic locations
- Provide a company-wide directory
- Provide an organizational chart
- Manage and track identity life cycles
- Manage user access rights within the information system
- Automate the creation of software accounts with their fine-grained access
- Generate compliance, management and dashboard reports
- Usercube’s support levels in line with internal SLA requirements
The selection process included the completion of a Proof of Concept, which demonstrated the expected functionality. Usercube also demonstrated compliance with the company’s standards for service levels.
This solution was deployed as SaaS for identity management of 9 500 users.
The public sector is involved in an important transformation process, which often implies the cumulation of entities inside structures that are increasingly global and complex with a goal of pooling resources in order to reduce costs, without losing service quality.
Identity governance allows for the transformation of these organizations while providing efficient and homogenous identity services that allow for:
- A pooling of resources;
- The integration of ever larger functional and human scopes;
- The cohesion of management processes;
- The compliance with regulations (including the RGPD)
Identity governance must also allow for the acceleration of an organization’s digital transformation while also facilitating the process of virtualization.
Discover the details of a project conducted for a territorial collectivity
This project concerns a large metropolis made up of one big city and a dozen smaller municipalities. The aim was to unite, around a single identity management project, all the different organizations in order to replace an internally developed solution.
This collectivity wanted to put into a place a new service managing identities and access for its agents (5 000 for the entire metropolis), as well as external users, interns, consultants, and subcontractors.
The objectives were to :
- Make available a reference repository of all users
- Authorize these users within the information systems of the metropolis
- Automate the entitlement process
- Manage identity lifecycles
Usercube was chosen for the following reasons :
- Its ability to respond to presented requirements
- Its maturity
- Its positioning as both software publisher and integrator
- Its positive recommendations from other clients in similar environments
The license and integration service purchases were facilitated by Usercube’s listing in France’s catalog of the central public purchasing office.
In the Distribution vertical, identity governance facilitates a digital transformation and compliance with regulations (including the RGPD) while addressing the complexities of distribution companies where sales points, logistic centers and production centers must all be factored into access rights.
Identity governance, in addition to security, should also address user expectations : comfort, efficiency and reactivity in order to contribute to gains in productivity. Users need quick access to the right resources at the right time.
Identity governance focuses on accelerating the digital transformation of these companies so that they can focus on their core businesses.
Discover the details of a project conducted for a material distribution company listed on the CAC 40
This company ranks among the leaders in material distribution and represents 17% of its Group’s revenue.
The identity management project’s aim was to meet the needs of 30 000 users, with respect to the data quality of HR, simple data management, and entitlements.
The following was observed in the existing solution:
- The company had several directories, stemming from systems with different base technologies
- The business needs were numerous (workflows, hierarchical approvals, business recipients)
- The company desired that HR information be more relevant (Who does what? Where is the user? Is the user active or inactive?)
Project goals were the following:
- A centralized solution
- An identity reference repository updated daily with data from the HR system
- A self-service portal for users which would give them more autonomy and lower support costs
- A solution accessible via Android and iOS cellphones
The project covers three themes:
- Creation of a company-wide directory
- Management of identity lifecycles
- Management of entitlements, both applicative and equipment/physical access devices
Now installed, Usercube manages 30 000 user records, 4 500 sales point records, and 59 organizational charts, some of which integrate up to 8 levels.
The project lasted 5 months, from the kick-off to the availability of the company-wide directory.
In France, identity governance in the health vertical subject to a government program called Digital Hospital. This program recommends implementing modernization and development plans for hospital IT systems and accompanies these organizations in their IT and communication transformations.
Identity governance aligns with requirements to reduce costs, optimize processes, maintain confidentiality, control access to patient data, while industrializing access to resources and applications so that each nurse, doctor, and internal or external agent will have exactly the right access levels at the right times, which in this domain could mean extremely short timeframes.