Increasing centralized control over authorisations within the digital landscape.
What did we do?
For the Dutch Ministry of Defence (MoD), we were hired as consultants on Identity and Access Management (IAM). The MoD had challenges that we uncovered incrementally. Over the course of 2 years we worked on a number of cases.
- Build a process and start connecting applications to the MoD's IAM tool, to increase centralized control over authorisations within the digital landscape. This was part of a project called IAM 3.0.
- Rebuild the interface (known as IdentityHub) so that the organization had more control over the elements that matter the most.
- Act as the central coordinator ("spider in the web") and perform business analysis for migrating complex infrastructure to a new, more modern way of working.
This page covers the first point.
The MoD is an organization that has been using IT for a long time. Due to the size, age and nature of the organization, there are a lot of independently developed applications for the different departments. Our objective was to start connecting these applications so that we could have centralized control over the JML (Joiner, Mover, Leaver) process that determines which users have access to the applications, at what level and why.
The onboarding process of getting new applications connected to the central system was part of a project called IAM 3.0. The project started from a building block that is the default organization. Our role in the project was to investigate in what way we could connect the application, determine the impact and build PoCs.
Building a process to onboard new applications posed 2 major challenges for our team:
- Because these custom systems varied widely in how they were built and designed, each individual application required an in-depth technical analysis.
- The MoD's technical landscape consists of a lot of small islands that all have their own governors. Talking to these individual islands and getting commitment from them can be difficult.
We formed duos of people capable of filling the required role by pairing technical consultants with business consultants. We made a plan for the next 10 applications that we wanted to onboard. First, a business consultant would speak to the team of the application to be onboarded, see what the culture of the specific team was like, and estimate how likely the application was to be a good candidate for onboarding. Then the technical consultant would join for a more in-depth technical analysis. Together they could write a recommendation on whether and how the application should be onboarded.
The process was hard to set up, but once we understood how it could go, we gained some traction and started producing more reports. The bottleneck we had was that we could not move the applications to the actual production environment because of maintenance issues. This led to a management decision to move our project capacity to the maintenance of the production environment.
- SailPoint IIQ
- Many custom systems
- Java programming
- Process analysis
- Technical analysis
- Consultancy, business and technical