South African Retailer Optimizes Identity Lifecycle Management with Omada
Together with our partner in South Africa, Integralis IT Consultancy, Omada was selected to implement an identity and access governance (IGA) solution for one of South Africa's largest e-commerce and online retail groups.
One of South Africa’s Largest Online Home Shopping Retailers Optimizes Identity Lifecycle Management with Omada Identity Suite
While seasonal and casual workers present a significant opportunity for companies to make the most of busy periods such as the summer and Christmas, they also introduce a substantial challenge to the IT team who must ensure that they have access to all the systems they need to do their job without compromising security and compliance. Working with our local partner Integralis IT Consultancy, Omada was selected to deliver an identity and access governance solution for one of South Africa’s largest e-commerce and online retail groups.
The challenge of managing access for seasonal workers
Whether they work on the shop floor, drive delivery vans, or provide customer service, temporary workers often need the same levels of access to business systems as permanent employees, which can cause challenges for the IT administration. For one of South Africa’s largest home shopping retailers, selling homeware merchandise and financial services across the region, this means a high volume of staff movement each month, and a full-time workforce of 2200+ employees, involving a complex web of permissions and entitlements.
Specifically, this involves managing the full lifecycle of accounts and permissions:
- Onboarding new employees across many sites in a short period of time, giving them access to a wide variety of both on-premises and cloud-based applications
- Limiting access to systems so that seasonal and full-time workers can only see the information they need and no more
- Maintaining an accurate list of temporary and ongoing workers and their existing access rights
- Getting in control and staying in control of Active Directory (AD) accounts
- Disabling access for seasonal or terminated workers when they leave the company
- Proving to auditors that the organization is in control of who has had access to resources over time
An additional layer of security to enforce compliance
The complexity of managing the full lifecycle of seasonal and ongoing employees is further complicated by the necessity to comply with the Protection of Personal Information (POPI) Act. Activated in South Africa in 2013, the POPI Act ensures that companies are forced to establish policies and enforce compliance to avoid monetary fines.
The identity lifecycle management processes of Omada Identity Suite (OIS) enables the company to identify Active Directory accounts without owners and provide managers with an opportunity to either assign an employee or contractor as owner, or to delete the account as appropriate. With control of its user identities in place, the company uses a combination of identity lifecycle management, access requests, and role and policy management processes to ensure that users only have access to the resources they need on an ongoing basis. The company is also able to ensure that new employees and seasonal workers are given the right level of permissions from their first day of employment.
This has resulted in the company being confident that they are protecting the valuable information stored in their critical business systems against theft and non-compliance with regulations while ensuring the productivity of employees.
For the customer’s Group Operations Manager, the ease of being able to conduct audits, adhering to rigorous compliance requirements is a significant value-add; “Not only do we have a single interface from where we can see all permissions assigned to an individual, but we can also report on all historic events, and provide our auditors with reports to prove our compliance. Omada Identity Suite has drastically reduced the incidents logged due to lack of permissions in new roles or for new employees.”
An all-in-one identity management and access governance solution
With a fully featured process framework for identity management and access governance, OIS simultaneously improves IT security, ensures compliance control, and enables business efficiency. Specifically, for large retailers, this means having the ability to:
- Onboard large numbers of casual workers quickly and efficiently during busy periods using pre-defined roles
- Ensure that casual and ongoing workers have access to the right resources so that they are productive from day one using scheduled access
- Automatically remove access rights for seasonal and ongoing workers once their contracts expire
- Regularly verify that all user accounts are assigned to a current worker to prevent those who leave before the end of their contract from having unauthorized access
- Effectively manage access to a broad range of on-premises and cloud-based applications required by a variety of different roles
- Generate historical reports to prove to auditors that the access rights of all seasonal and full-time workers were limited to just what they need
Integralis Director and Solutions Architect, Quinton Hughes says that the speed at which OIS could deliver upon its promises was the most exciting part of the project. “We were seriously impressed with the ease of deployment, implementation and how quickly we could implement policies and provide our customer with reports. The entire deployment from zero automation and integration to eight systems being onboarded and with automated provisioning / deprovisioning into all systems was completed within three months.”
Founded in 2008, Integralis IT Consultancy is a South African consulting and managed service provider with a niche focus in the realm of cloud enablement and identity, access, and governance management. With a vast amount of experience and skills in Microsoft consulting and identity management, Integralis has built a portfolio of services and technology offerings to empower and secure business operations both on-premise and in the cloud.