About Federal Statistical Office
The Federal Statistical Office is Germany's leading provider of high-quality statistical information. As a government body, the Office provides objective, independent data to help politicians, economists, organisations and individual citizens develop informed opinions and support decision-making in a democratic free-market society. The Office employs 2,780 people at three locations in Wiesbaden, Bonn and Berlin.
"We have more than 300 important IT systems, which are accessed by 2,780 users from three locations," said Dirk Hochberger, IT Infrastructure Consultant at the Federal Statistical Office. "Moreover, we have several kinds of users—our own employees and interns, as well as external users to whom we provide various services. Great numbers of user accounts had to be managed separately in each system, which was a laborious process."
Giving a new employee access to all relevant systems could take three or four days, as accounts needed to be created manually in each system. Moreover, when an employee left the organisation, clearing up the systems was sometimes even more time-consuming and a potential risk to security.
The Office decided to deploy an identity management solution that would integrate with its main systems and automate user management processes.
"We realised that we needed a solution that would be able to integrate with a wide range of different technologies—our HR system, Microsoft Active Directory, Microsoft Exchange, Novell eDirectory™, and several others," said Hochberger. "We looked at various solutions, and Novell Identity Manager offered the best match with our requirements: out-of-the-box integration with most of our systems, and a powerful Designer toolset for creating user management workflows."
A combined team from Novell Platinum Partner G+H Netzwerk-Design and the Office's internal IT department created a detailed project plan, and held workshops to define the requirements for the user management processes. Thanks to this careful preparation, the implementation itself ran smoothly, and was completed within just six months.
"Our collaboration with the G+H Netzwerk-Design consultants was very good," said Hochberger. "We definitely benefited from their experience of previous Novell Identity Manager projects, which helped us build the solution in small steps, focusing on the task at hand without losing sight of the overall goals."
"We enjoyed developing an end-to-end solution that combines both identity management infrastructure and and an intelligent workflow system," says Thomas Gertler, CEO of G+H Netzwerk Design. "This enabled the optimisation of the identity management processes starting in the HR department, going through approval workflows, and ending up with fully automatic user provisioning in the IT systems."
The solution uses Novell eDirectory as a metadirectory for all users, which is connected to all the different systems via Novell Identity Manager. When a new employee is added to the HR system, the details are transmitted to eDirectory, and the Identity Manager Roles Based Provisioning Module starts workflows that automatically create user accounts in all relevant systems. Subsequent identity-related events, such as a change of role, name or personal details, or an employee leaving the organisation, are managed via similar workflows.
From the users' perspective, the new solution makes life easier: due to single sign-on, there are fewer passwords for users to remember, which makes it easier to implement enhanced security policies. Passwords can be more complex and password change cycles can be shortened. The single sign-on solution helps users to access more than 30 important applications.
Meanwhile, from the IT team's perspective, administrative workload has been reduced significantly. Instead of creating, updating and deleting user accounts in individual systems, the whole process is automated. When adding a user to a system requires specific permission, notifications are automatically sent to the relevant people, and they can simply click to approve.
As a result, new employees can gain access to the systems they need within one day—up to 75 percent faster than before. The solution also provides better visibility of user access rights, and makes it easy to revoke access when someone leaves the organisation, ensuring that information remains accessible only by authorized users.
"When implementing the system we had to review our user-base. We discovered that about 50 percent of our inactive accounts were no longer necessary," said Hochberger. "The initial and now automated clearing of these accounts ensures that only genuine users can access our systems— providing a higher degree of security.
"We are the first higher federal authority within the portfolio of the Federal Ministry of the Interior to implement a working identity management solution, and we are already seeing significant productivity gains, both within the IT department and—udue to single sign-on—uacross the user community. We would certainly recommend this solution from Novell and G+H Netzwerk-Design."