Merkur Versicherung AG Relies on Garancy Identity Manager as Their Central Authorization Administration Tool

When Merkur Versicherung was founded in Graz in 1798, the Holy Roman Empire under Emperor Franz II was in its final stages. This makes today’s Merkur Versicherung AG, headquartered in Graz, undisputedly the oldest insurance company in Austria. Nonetheless, in terms of technology and organization it has always been a frontrunner.

With the IAM solution from Beta Systems, the insurance company now has full control over who accesses which systems and when. It thus meets all the requirements of the financial supervisory authority, while benefiting from streamlined internal workflows at the same time.

While other companies were still pondering how best to distribute paper inboxes during the pandemic, Merkur already had an “eWorkplace” – an electronic workplace where correspondence is received exclusively digitally and forwarded to the right employee via workflows. “Many similar applications have been added to our IT landscape in recent years,” says Eva Kainz-Kaufmann, certified insurance broker in the department of “Information Technology – IT Management” at Merkur.

For all of these applications, the insurer must define who can access any given system in what manner and for how long. Up until recently, these permissions had been assigned via the ticket system Jira. In this system, the specialist departments had to create tickets to submit their requirements as to who may use which software and to what extent. The administrators of the individual target systems then implemented these for the individual user in the respective systems.

An internal IT audit performed in 2017 uncovered the actual effort associated with this approach. Authorizations used to be based on individuals rather than roles. As a consequence, an individual ticket was created for each authorization request and there was no general transparency on who had which authorizations at any given time. “When the financial supervisory authority made inquiries, we always had to find this information in the individual tickets,” says Eva Kainz-Kaufmann. For security reasons, in particular, it is essential to know at all times who has which rights for which systems. It is equally crucial to be able to assign or revoke these rights without delay.

Therefore, the insurance company decided in 2019 to introduce a central authorization management tool. The market was sounded out together with an external consulting firm. Three vendors were shortlisted out of an initial selection of ten. Beta Systems ended up on top with its Garancy IAM Suite. In addition to the Merkur Information System (MIS), Lotus Notes, eWorkplace, and Microsoft Active Directory (including other connected systems, such as an solution for automatic mail generation) had to be linked to the IAM software.

Implementing the role concept was the first step. While introducing the Garancy Suite, Merkur Versicherung AG started to develop a new role concept. Existing systems and IT authorization structures were thoroughly analyzed and cleaned up.

With the introduction of Garancy, new authorizations are now only granted based on defined roles. The insurance company creates the roles in the Infoniqa HR system. Information such as the date of entry of employees, the department they work in and the position they have are of interest. Based on this data, each employee is assigned two basic roles: an organizational role and a business role, corresponding to the job profile. The organizational role basically defines the department of the employee, while the business role describes their activities in detail. This classification was decided by IT in consultation with the system owners as well as with the division managers of the respective department.

Get Advice from Our Experts

Would you like to learn how your company benefits from Identity Access Management and how to implement an IAM solution in a pragmatic and efficient manner?

Send us a message and we will respond to you shortly. We look forward to hearing from you!