The Ministry uses over 100 systems to which different user communities require access. All user accounts and authentication systems were managed separately for each system. The lack of system integration resulted in data duplication, and the resource-intensive process to manage user accounts was not scalable. Implementing different password policies for user communities was complex and posed security risks.
User provisioning was a manual process. A student account was generated on a mainframe-based system, entered into an identification system, printed as a hard copy, and sent to the relevant school for distribution to the student. The system was cumbersome, expensive, and error-prone.
Dr. Ofer Rimon, CIO, Ministry of Education, explains: “We started looking at a more structured identity management solution when we had one million users. We have now grown to over two million users and anticipate the need to support three million users soon, so scalability was important. We wanted to centralize and automate management of user accounts and permissions across our systems, while maintaining uniform enforcement of information security procedures. We were lacking visibility and needed a solution to track and monitor all identity management processes. And, finally, we needed an effective self-service function, where users can update their personal accounts and reset their passwords if required. Our helpdesk was supporting users with these requests.”
The Ministry invests heavily in digitizing its educational environment. With the introduction of digital books, LMS systems, digital learning environments, tablet access, and the provision of internet infrastructure to schools, a structured identity management solution that provides secure and immediate access became even more important.
Several solutions were reviewed during an RFP process in 2007, in which the organization looked at options for user/account provisioning, a central user data and permissions repository, authentication and authorization for internal as well as online environments, effective reporting tools for tracking and monitoring purposes, user self-service, automating user permissions based on certain organization and business rules, and automatically aggregating and correlating identity data from the HR system and other identity stores.
NetIQ Identity Manager and NetIQ Access Manager were found to be the most scalable and secure solutions for the Ministry, with wide support for identity federation services and mobile device access, both key factors.
The implementation was soon underway with the introduction of expanded system capabilities for the internal network, including process automation, a workflow mechanism, and user self-service. In the online environment, single sign-on (SSO) was introduced, as well as self-service capabilities.
Ms Devora Abudi, IT security, comments: “Micro Focus solutions have given us a uniform role and entity definition and a process for managing and reporting identities. We now automatically manage user accounts and grant privileges based on user roles. Through unified authentication, our users can access different enterprise and cloud-based applications with a single password and we can support different password policies based on the user profile. We also use password synchronization to provision users and groups of users on a cloud-based Active Directory.”
Mr Yossi Amiel, IDM Project Manager, comments: “Being able to provide a service to teachers and students with one username and password to remember has given us more security and ease of use. Student user accounts no longer require any manual input, and the self-service function has reduced the helpdesk costs.”
Mr Yossi Amiel has seen the benefits firsthand: “Being able to provide business intelligence reports based on the audit data from Access Manager so that the CIO can monitor and analyze systems use has been really valuable. And I can see the productivity gains of new people in the organization who have all the appropriate access from the first day in their job. Users have a single password to access enterprise-, third-party-, and cloud-based services. Our IT staff found the Micro Focus solutions easy to implement and manage and it is so much easier to monitor and enforce information security policies.”
Ms Noami Busin, CTO, Ministry of Education, concludes: “Micro Focus meets our organization’s current and future requirements. We have found the solutions very reliable. We are set for future growth and are very confident that the system will grow with us.”