Article

(View Disclaimer)

Founded in 1992, Discovery is a leading financial services company based in South Africa with additional operations in the UK and US. Locally, the company specializes in the health and life insurance markets, and is a pioneer in the emerging market for lifestyle and wellness products and benefits.

Challenge

Discovery has operational centers throughout South Africa, and growing business interests in the UK and US, employing a total of approximately 7,000 people. Monthly staff turnover at Discovery is much lower than the industry average. Even so, each month between 60 and 100 people join the company and approximately the same number leave. This turnover of staff was putting a strain on Discovery’s identity management processes.

The company had implemented Microsoft Identity Integration Server to synchronize its user directories and largely eliminate paper-based administration for additions, changes and deletions. However, as Discovery looked to introduce more sophisticated automation for identity management and role-based provisioning of new users, the Microsoft solution became increasingly inadequate.

The software had worked well as a pure synchronization tool, but was limited in its scope, leaving a significant amount of manual work for administrators. It was also relatively complex and difficult to use, and Discovery had concerns about its scalability.

Solution

Discovery selected Novell Identity Manager as the basis for its new automated provisioning system, and engaged Ubusha Technologies, a leading South African systems integrator, to provide training and guidance to its in-house IT team.

“Our existing Microsoft solution was not sophisticated enough to support our plans for identity management,” said Alwyn Van Niekerk, Systems Architect at Discovery. “Novell Identity Manager could do almost everything we needed ‘out of the box’, enabling us to keep our significant internal programming expertise focused on our core insurance systems.”

Discovery implemented Novell Identity Manager on SUSE® Linux Enterprise Server, with a staged rollout taking around three months to completely replace the synchronization previously handled by Microsoft Identity Integration Server. Novell Identity Manager draws on the central human resources database as its master source of identity information, and synchronizes a number of internal systems, including four Microsoft Active Directory domains.

The new solution synchronizes information every 20 minutes across all systems. By contrast, the former solution had a 24-hour cycle, and Discovery needed to make further manual changes to ensure that user information and access rights were reflected accurately throughout the enterprise.

Results

The introduction of Novell Identity Manager has radically simplified Discovery's identity management processes, eliminating the long development and testing cycles required by the former Microsoft solution.

“Novell Identity Manager is a breeze to use: the toolset is very well developed and it is clearly a mature, user-friendly product,” said Van Niekerk. “Discovery is a dynamic business, and there are many moves and changes to handle, including a major re-organization about once a year. Novell Identity Manager gives us the power to automate all the complex data synchronization needed to make that run smoothly.”

Discovery can now provision users in 20 minutes, rather than 24 hours, so new employees can use e-mail and access all relevant applications on their first day at work. Equally, the solution automatically removes all access rights from ex-employees as soon as their period of employment ends. Previously, an administrator could forget to manually remove an old user from some systems, potentially creating a security risk.

For the complete success story, visit:
http://www.novell.com/success/discovery.html

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.