How to find an IAM solution that controls access of thousands of external employees to hundreds of IT applications.
Large-scale projects represent a major challenge for IT security: not only do thousands of the company's own employees use the IT systems, but often thousands of external employees from several hundred partner companies also need to access a broad range of applications while working on the project. Identity and Access Management (IAM) must ensure that everyone involved has the required access rights at the right time, and must revoke those rights as soon as they are no longer needed.
A large-scale project involves a staff of several thousand. Assume that about half of them are office workers, meaning they require access to the IT applications. But no single company can build a major industrial project such as a power station or an airport alone, so a large number of external subcontractors and experts are involved in the project. All of them, from electronics suppliers and lift manufacturers through to design and architects' offices, need to access a wide array of applications.
The Number of External Users Greatly Depends on the Specific Order and the Project Scope
The number of external users changes with every new project. Providing these users with access to the required systems at the right time and then revoking the rights in a timely manner is a highly challenging task for the responsible IT team.
For this reason, an Identity and Access Management solution is necessary.
IAM Enables Easy Access Control to a Multi-level Partner Network
The IAM solution makes it possible to control the access rights of individuals from partners and sub-partners with great precision. This is imperative especially where there is a multi-level corporate partner network with different categories, each of which might access systems in a different way and use different applications. The highest level can be reserved for key partners that have permanent access to the network.
Suppliers of the second level can access selected applications using an SSL-based (Secure Sockets Layer) virtual private network, with passwords allocated via SMS. IT partners, a third category, provide software for robotics and cutting technology and also access certain systems via a VPN connection for maintenance purposes. The project owner can grant its key partners full corporate network access, while the two remaining categories only receive personal access rights to selected applications.
Smooth Bidirectional Rights Management – Allocation and Revoking
Owing to the IAM solution SAM Enterprise, the request procedure for the access rights of all the thousands of external employees is now very simple. Rights administration is much easier with SAM than activating the respective rights in each individual application. Access for individual users is provided centrally with SAM Identity Management, depending on each user's job in the project. What helps the most is that the process is no longer a one-way street. Over time, many rights accumulate, but it is also the IT department's job to revoke the rights depending on the project duration. This is precisely where things often do not go so smoothly without an IAM solution, as key partners were able to request access rights for sub-contractors one or two levels down in the hierarchy. Often there is a normal business relationship with these sub-partners, so it was not possible to know who was using the systems, and sometimes access rights were even granted to people who were no longer working with the systems.
With SAM Enterprise it is possible to determine for each project when a specific access right of user X will expire for a particular system. The access rights for companies further downstream in the hierarchy can now also be monitored and managed in detail, as any rights revoked for a key partner are automatically also revoked for the partner's sub-contractors.
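The per-right expiry and cascading revocation described above, sketched as an added example. This is not SAM Enterprise's code or data model; the class, company, user and system names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date
@dataclass
class Grant:
    user: str
    company: str
    system: str
    project: str
    expires: date          # last day the right is valid
    revoked: bool = False

class AccessRegistry:
    def __init__(self):
        self.sponsor = {}  # company -> company that requested its access (None = key partner)
        self.grants = []

    def grant(self, user, company, system, project, expires):
        if company not in self.sponsor:
            raise KeyError(f"unknown company: {company}")
        self.grants.append(Grant(user, company, system, project, expires))

    def _is_under(self, company, ancestor):
        seen = set()       # guards against a cyclic sponsor chain
        while company is not None and company not in seen:
            if company == ancestor:
                return True
            seen.add(company)
            company = self.sponsor.get(company)
        return False

    def revoke(self, company, system):  # cascades to every sub-contractor below
        hit = [g for g in self.grants if not g.revoked and g.system == system
               and self._is_under(g.company, company)]
        for g in hit:
            g.revoked = True
        return sorted(g.user for g in hit)

    def allowed(self, user, system, today):
        return any(g.user == user and g.system == system and not g.revoked
                   and today <= g.expires for g in self.grants)

def demo_registry():
    # Constructed sample data: KeyPartner sponsors SubA, which sponsors SubB.
    reg = AccessRegistry()
    reg.sponsor = {"KeyPartner": None, "SubA": "KeyPartner", "SubB": "SubA", "Other": None}
    reg.grant("alice", "KeyPartner", "cad", "P1", date(2025, 6, 30))
    reg.grant("bob", "SubB", "cad", "P1", date(2025, 3, 31))
    reg.grant("carol", "Other", "cad", "P1", date(2025, 6, 30))
    return reg
```

Revoking `"cad"` for `KeyPartner` removes the right for users two levels down as well, while the unrelated partner's grant is untouched; an expired grant is denied even if nobody revoked it.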
SAM – Infrastructure Platform for Services, Applications and Partners
IAM based on SAM represents an important infrastructure platform for large-scale projects, as many companies will continuously add further services, applications and partners. The IT administrators greatly benefit from the software since it significantly reduces the manual tasks required to allocate access rights. But the major objective is security: the ability to reliably revoke access rights when they are no longer needed. SAM also allows the customer to audit access and generate detailed reports, among many others, on which system is being used by whom, or to identify assigned rights that are not being used by a person or that should not have been granted in the first place.