Success Story: International Construction Company

Microsoft Identity Manager

Executive Summary

Design and implement an identity management solution that can interface with a proprietary HR system and manage user identities for a global user community. The solution handles user onboarding, offboarding, birthright group assignments, and Office 365 licensing. The solution also integrates with SolarWinds for service desk operations.

Leveraged Tools

  • Active Directory
  • Azure AD
  • Azure AD Connect
  • Microsoft Identity Manager
  • Microsoft SQL Server
  • Office 365

Client’s Challenges

As a rapidly growing international company, this client was challenged with managing user accounts and permissions because they did not have an effective, automated solution to identity management. With an ever-growing payroll, the IT department was under constant pressure to accurately maintain user access, roles, email, and more.

Additionally, this client periodically acquires third-party organizations that have complementary product lines, and users of those organizations would also require their identities to be managed.

This Microsoft Identity Manager success story describes ActiveIdM’s approach to solving the client’s challenges using a Microsoft Identity solution.

Client’s Requirements

  • Implement a lifecycle management system using Microsoft Identity Manager 2016 (MIM)
  • Consume employee and contractor data from a proprietary HR system
  • Provision user accounts to Active Directory, SolarWinds, and Azure AD
  • Assign Office 365 licenses based on user role
  • Implement support for onboarding, offboarding, location transfers, conversions, HR data changes, and immediate termination
  • Implement self-service password reset (SSPR) using both Microsoft online password reset and MIM-based SSPR
  • Implement dynamic Active Directory groups for birthright assignment
  • Manage Active Directory computer object OU assignment
  • Synchronize HR employee profile photos to Active Directory, Azure AD, Exchange Online, Office 365, and SharePoint Online
  • Implement a pluggable architecture to allow acquisition of third-party companies and manage the identities of acquired users without the need for additional software changes

ActiveIdM’s Solution

With thoughtful planning and preparation, ActiveIdM created a solution based on Azure, Office 365, and Microsoft Identity Manager 2016 (MIM). Two custom MIM connectors were created: one for importing HR data from the client’s proprietary HR system to MIM, and a second for integrating with SolarWinds for trouble ticket and asset management.

MIM dynamic groups were implemented for birthright group assignment. This provided permissions for VPN access, file share access, SSO application access, and Office 365 licensing.

To address the requirement for a pluggable architecture to consume and manage identities of acquired organizations, ActiveIdM implemented MIM logic which is compatible with any acquired organization’s Active Directory forest. When a new acquisition is being configured for identity management in MIM, the client adds several entries to a database table and creates a new MIM Active Directory connector based on a provided template. This enables acquisitions to be placed under MIM identity management without the need for additional software changes.

This successful implementation resulted in cost savings for the client through automation of user identities and Office 365 licensing accuracy, and increased the client’s overall security by ensuring users are correctly onboarded and offboarded.