Beta Systems SUCCESS STORIES

Automated IAM in a directory-based security architecture

Initial situation

The international airline has a vast number of employees spread across its numerous subsidiaries responsible for passenger transport, cargo, technical service, IT service and others. This highly complex organizational structure made it increasingly difficult for the company to effectively manage the 160,000 users accessing various systems and applications.

In addition, the airline group required a provisioning solution in order to keep the corporate directory up to date and to meet all internal needs in terms of security and efficient audit compliance. The management came to the conclusion that only a sophisticated identity management system would enable them to set up a centralized and automated user administration process. This called for a new system able to bundle and process all user and corporate data from various sources and then pass these on to the respective target systems.

After carefully sounding out the market, the airline chose GARANCY, because this solution offers powerful provisioning features, is highly scalable and seamlessly integrates with a directory-based IT landscape.

Challenge

The customer operates one of the world’s largest Novell networks. The new IdM (automated IAM) solution therefore needed to provide seamless integration with Novell NetWare and the ability to integrate various systems such as RACF, four Windows NT domains, a SAP system, the corporate directory and other LDAP directories, as well as three home-grown applications (a Unisys-based accounting system and two crew management systems).

The next challenge was to manage the 160,000 user profiles of the corporate directory with over 50 different attribute types per user. The provisioning solution therefore needed to be able to support various input sources to ensure that the directory is always up to date, prevent security gaps and facilitate accurate and extensive monitoring of all processes. As the solution was required to perform these functions without manual administrator intervention, it had to automate all workflows.

For management reasons, it was necessary to treat the subsidiaries connected to the same IdM system as independent companies in order to ensure confidential data traffic and clean administration.

Implementation

In order to achieve rapid ROI, the aviation group first focused on optimizing and automating its user administration processes. As an initial measure, the Novell NetWare network, RACF and the Windows and Unisys systems were integrated with SAM, and administration of the passenger transport unit was automated. This involved connecting two HR systems, a database of external partners and two data sources for corporate information to GARANCY. Changes in these systems were transferred to GARANCY, where a rule-based process converted them into user accounts, group associations and authorizations for the various security systems.

After the system successfully went live at the pilot subsidiary, the project team went right on to introduce the solution at the large Cargo business unit. GARANCY makes it easy to manage multiple organizations within a single IdM solution, so connecting the subsidiary to the administrative framework was a simple task. At the same time, SAP was integrated as a second target system to further automate user administration workflows.

The company had already decided in 2000 to build their new IdM (automated IAM) solution around GARANCY. Over the years, the airline added several new features, including biometric password reset via voice recognition, self-service functions, an SPML interface for user data, as well as web service capability. Thanks to the ongoing development of the solution employed and continuous updates to the latest program versions, the solution has been able to meet all requirements in the area of IdM.

Alternative solutions had also been considered along the way, but the excellent track record of Beta Systems made the airline decide to stay loyal to its IT partner of many years. Over time, more and more subsidiaries also adopted GARANCY; at present the Beta Systems solution is used to administer approximately 200,000 employees of the group. Third-party systems are also being connected step by step, most recently Peregrine Asset Center.

Solution

The corporate directory comprising 160,000 users is run using Novell eDirectory. The internal PKI (Public Key Infrastructure) and numerous applications depend on reliable and up-to-date user data. From the very start there had been no doubt about the advantages of having a provisioning solution that seamlessly integrates with the corporate directory via the GARANCY eConnect standard connector: consolidating the data sources, in combination with powerful GARANCY eConnect features, made it possible to introduce an automated workflow that shortens the update cycle for user data, including user attributes and security definitions of the corporate directory.

In addition to the provisioning functions described above, GARANCY offers and supports various additional user administration features. For example, central administrators can use GARANCY to manually perform complex administration tasks. The support team, on the other hand, benefits from GARANCY’s helpdesk feature, which provides a convenient interface for creating and deleting users or for changing passwords.

GARANCY also interfaces with the customer-specific intranet portal, which allows internal staff and external partners to request accounts and user rights based on a harmonized approval workflow. Approved accounts and access rights are transferred to GARANCY, which, in turn, executes the required changes in the connected systems and directories. Thanks to this process, the IT department is in a position to offer its clients a very high quality of service. A workflow system integrated in GARANCY allows all security systems to be updated mere minutes after approval.

Drawing on GARANCY’s cross-platform reporting and monitoring functions, the internal IT service provider can generate fully automated monthly audit reports covering all relevant user and security settings and then send these to the responsible managers via e-mail. In addition, a weekly report on changed, disabled or deleted accounts is generated for each affiliated company and delivered to the administrators in charge of the various target systems.

These centralized and automated user administration workflows also resulted in significant cost savings. GARANCY provides the airline with a consistent provisioning solution for the corporate directory and the strategic security systems. GARANCY reliably ensures that all connected systems rapidly obtain the required user data. GARANCY thus allows the airline to perform extensive user management with great efficiency, with the added benefit of providing a high service level to affiliated companies. As a highly scalable solution, GARANCY can connect new subsidiaries or external customers at any time, which has a very positive impact on the TCO.

The aviation group has benefited from consistent updates to the latest releases of the Beta Systems IdM solutions on two counts: Firstly, GARANCY perfectly integrates into the group’s new target architecture. While the previous version was based on a mainframe platform, GARANCY is run on distributed servers and also draws on Microsoft databases. The current operation of GARANCY on a distributed Microsoft architecture is much more cost efficient than a mainframe-based design, so the customer benefits from much lower operating costs as a result of abandoning mainframe DB2 and using GARANCY IAM.
