To support its 1,000 employees, the Tongji IT department used Sun Identity Manager, but this was causing some problems. There was no clear integration with user identity data sources, such as HR or payroll systems, and when people left the university or changed roles, these changes could not be synchronized with the relevant systems. Security was poor and there was no support for federal certification.
Oracle planned to withdraw support for the solution and, as it wasn’t meeting Tongji’s requirements, Hai Lu, Technical Team Lead at Tongji University, took the opportunity to investigate the marketplace for alternative solutions: “We wanted to tightly link controls for identity and access management, reduce the manual effort involved, and improve our security. To provision a new user could take up to three days which was unacceptable. To delete a user could take even longer, up to five working days. During this time the various systems would still be available to the user, which posed a real security risk for us. We needed an international identity authentication solution to give us secure and reliable real-time access control.”
Market research highlighted NetIQ Identity Manager and NetIQ Access Manager™ as potential solutions, according to Hai Lu: “We liked the fact that Micro Focus could give us a complete solution. We felt the cost was justified and, after testing the tools, were excited about the performance and ease of use of the products. It gave us all the integration capability we needed and deployment of the tools was simple. With some Micro Focus implementation support we were online within a month.”
When a new employee joins the university, the integration between the HR system and Identity Manager means that the user ID is automatically created as part of the onboarding process. Similarly, when an employee leaves, the user account is disabled automatically, closing any potential security gaps.
Role-based provisioning is used to determine what system access is required for each user, so new employees are productive straight away and the automated process eliminates the manual effort involved. Previously, users needed different logon credentials for the multitude of applications they might use as part of their role at the university. With Identity Manager and Access Manager, they now have one user account with one password, providing secure single sign-on to applications at any of the university’s locations.
Hai Lu comments: “Having a single password has given us centralized access control and has reduced the number of ‘forgotten password’ helpdesk tickets we dealt with. We are also able to control the password strength which gives us additional security as users would choose weak passwords and repeat them across different applications which posed a security risk to us.”