Challenge

Over the years the Lantmäteriet responsibilities have grown and its stakeholder base has expanded. Lantmäteriet has over 2,000 employees and provides information to approximately 20,000 external users, from banks to farmers and general citizens. Within the organization, different divisions have merged so that resources can be used more efficiently and a more comprehensive customer service is delivered.

Merging divisions is not without its technology challenges, as Christian Oswaldsson, IT Manager for Lantmäteriet, explains: “Everyone used their own IT systems running on a variety of platforms and there was no central way for us to track user access. With over 200 applications in use throughout Lantmäteriet we really needed this visibility. As a result of our complex environment, it was very difficult to bring new users on board. It could take up to 32 days to have a new employee up and running with all the applications they needed for their job. Users would need to remember different log-on credentials which led to security concerns and password issues for our helpdesk to solve. Overall, it was clear to us that we couldn’t provide the service we wanted, either internally or externally, without automated structured identity and access support.”

Solution

After evaluating all the main players in the identity and access space, Lantmäteriet found that NetIQ Identity Manager was the best match to provide a consolidated approach across all the different platforms, including mainframe, Windows, Linux, and UNIX. Identity Manager also crucially has an event-driven approach, which means that data synchronization between systems happens in real-time which was important to Lantmäteriet.

To introduce a structured identity and access approach required more than just technology, as Oswaldsson soon discovered: “Many of our applications are developed in-house and highly customized, so we have a dedicated team of 200 developers, with another team focused on the application deployment, support and maintenance. During the course of our project to introduce a standard identity and access approach across our application portfolio, we found that it actually would work much better if these teams are integrated and collaborate directly.”

The HR system was one of the first applications to be integrated into the identity and access process, and this had the immediate benefit of reducing the on boarding time for new employees, using role-based provisioning to determine appropriate system access. It also ensured that when employees leave Lantmäteriet, their access rights are automatically revoked, closing potential security gaps.

Over a period of time, new elements were added to the infrastructure. NetIQ Access Manager is now closely integrated with Identity Manager and enables secure access to nearly 30 web-based applications used by citizens and companies. Lantmäteriet is investigating using Advanced Authentication for these audiences to provide One Time Passwords (OTP) which is the safest option when only occasional access is required.

On security, Patrik Florén, Architect, adds: “NetIQ Sentinel and NetIQ Change Guardian are linked to the Lantmäteriet Active Directory to provide a central view of user activity across all systems so that any security threats are detected and managed very quickly.”

Passwords for internal users are managed through NetIQ Self Service Password Reset with password synchronization from Identity Manager to Access Manager. This has reduced the burden on the helpdesk and enforced stricter password rules for added security.

Results

The project is still a work in progress, as Oswaldsson observes: “There are still some systems which require manual intervention and our role-based provisioning needs more detail, but overall we have implemented an effective user provisioning and single sign-on environment. A new employee has access to the basic systems from day one, with access to more complex systems achieved within five days. With our development and deployment team integration we can now solve 98.5 percent of identity and access issues within two days, which is a great achievement.”

He concludes: “With the introduction of Micro Focus we are now confident about our information security. Our users and IT processes are much more productive and efficient. It’s hard to put a number on happy users and great customer service, but we are very pleased with the results.”