About Regione Toscana
Regione Toscana, in the centre of Italy, provides local government services to some 3.7 million citizens. The region's ten provinces include world-famous cities such as Florence, Siena and Pisa, attracting more than 10 million tourists annually.
Managing the user accounts for some 3,000 employees across numerous systems placed a heavy workload on the Regione Toscana technical team. User identity information was held in different databases managed by different people. Each application or service had its own database, which sometimes ran the risk of not being up-to-date and therefore containing inconsistent data. As a result, identity management was complicated, time-consuming and potentially error-prone.
When users moved office or left the organisation, there was a risk that the relevant databases would not be updated and that leaving users would retain access to sensitive information. Italian privacy law requires all employers to meet minimum standards to protect sensitive personal information and data.
Regione Toscana set itself four key objectives: to simplify identity management and service provisioning; to improve security through better password management and easier removal of users; to standardise systems and the handling of personal data; and to cut administration, provisioning and ongoing operational costs.
Regione Toscana entered into an agreement with us to implement Identity Manager. The implementation was supported by Net Studio, a Business Partner specialising in identity and security management solutions.
Regione Toscana deployed Identity Manager in a two-phase programme. First, the central LDAP server was synchronised in real time with user information from each system involved in the project. Once a complete and standardised record for all users had been created, authentication services for local systems were redirected to this shared store. Subsequently, a trusted network of federated systems was established that allows an authenticated user to gain access to the appropriate services based on their identity.
Identity Manager enables Regione Toscana to grant or revoke user access to all or specified systems based on updates to a single, standardised identity record, allowing the organisation to enforce and demonstrate compliance with security policies and legal requirements.
The modular nature of Identity Manager has enabled Regione Toscana to take a staged approach to implementation, and the solution so far covers more than 20 core systems. Identity Manager synchronises recorded digital identities on SMTP servers, existing LDAP servers and in DB2 databases. In addition, the solution handles password synchronisation, enforces strong authentication procedures, and requires positive approval of new account creation and role assignments, with a full audit trail.
With Identity Manager in place, Regione Toscana has simplified compliance with privacy legislation related to user management, cut its IT support workload, and improved its responsiveness to user provisioning and deprovisioning requests. The organisation also has a clearer view of which users have access to which resources, helping it to foresee potential security issues.
"The most important benefit of using Identity Manager is centralised identity management," said Daniela Vannucchi. "We can monitor a user's whole lifecycle and control the resources to which they are allocated. They might be internal or external users, consultants and politicians, all of whom need access for defined periods."
The solution also simplifies access to systems by synchronising user credentials and passwords across connected applications. This covers systems such as file and print, integration with the telephone exchange, postal systems, email accounts, and access to applications hosted on Linux and UNIX servers. With fewer login details to remember, users are less likely to forget their passwords and require assistance from the IT helpdesk.
"With Identity Manager it was possible to create a single point of access to user information on different data stores," said Daniela Vannucchi. "The Novell (now a part of Micro Focus) solution has reduced the inconvenience for users of having to remember multiple passwords and their expiration dates."
"Identity Manager has made it faster, easier and more secure for users to access the applications and information they need, and has also cut the number of calls to the helpdesk," said Daniela Vannucchi. "Ultimately, the Novell solution has eliminated many time-consuming and repetitive tasks for our IT staff and guaranteed the rapid and up-to-date interchange of user identity information."