Financial / Banking

Written By The Printer's Son

Summary

A California Credit Union needed to improve the process of granting and revoking employee access to internal and cloud applications for new hires, transfers, and terminations, as existing workflows were manual and time-consuming. PRESIDIUM Solutions assessed and made recommendations for the current state of Identity Management solutions at the credit union.

Okta Workforce Identity was selected and implemented by PRESIDIUM Solutions and resulted in full- employee lifecycle management, instant provisioning and de-provisioning of access based on HR actions, and improved security and compliance.

Company Profile

The credit union is a California based non-for-profit financial cooperative with over 225,000 member-owners and $4.7 billion in assets.

Employees: 700

Challenges

The credit union offers a wide range of diversified financial products such as personal banking, mortgage and auto lending, investment, and business banking services. The credit union has dozens of internal and cloud applications for which access needs to be provisioned, de-provisioned or updated during the lifecycle of its workforce through hire, transfer, termination and rehire actions.

The HR department was required to enter employee data into the HR system and then manually notify various application administrators, help desk and IT security teams about hires, terminations, and transfers so that access to applications could be granted, revoked or changed; these workflows were manual, time-consuming and prone to error. Given the sensitive nature of the banking applications used, timely removal of access for planned and unplanned terminations was critical: Removing access quickly, was proving challenging as the application footprint grew and application owners multiplied.

Results

PRESIDIUM Solutions worked with the lines of business to discover and document target applications and rules for access and roles within those applications. The HRIS department was engaged to understand all lifecycle workflows for employee hiring, transfer, termination, and re-hire use cases.

IT security and account provisioning teams were engaged to understand current user provisioning, security, and compliance use cases.

The credit union was an active user of Okta Access Management Federation and MFA services for cloud and internal applications. Based on costs and capabilities, it was decided to leverage Okta and expand its use by implementing the Okta Workflow and Lifecycle Management modules to build-out a robust Identity and Access Management (IAM) Solution.

PRESIDIUM Solutions delivered an IAM solution which provided the following:

  • Sourcing HR data from ADP using the Aquera SCIM interface to create Okta Identities

  • Assigning birth-right roles based on HR data

  • Implementing ‘Joiner’, ‘Mover’ and ‘Leaver’ workflows based on HR actions in ADP and application business rules

  • Provisioning user accounts to Active Directory, O365 and Salesforce

  • Assigning Active Directory security groups based on role

  • Provisioning O365 licensing for email account

  • Provisioning access to Salesforce and assigning premissions based on birth-right role

  • Modifying application access/roles based on HR transfers and job changes

  • De-provisioning/disabling access to all target applications upon termination

  • Sending out notifications based on hire, transfer, and termination HR actions

Key Benefits

  • Access automation significantly improved the speed at which employees were able to be productive on the first day of work, allowing the IT security and account management team to focus on other high-value tasks

  • Timely and automated de-provisioning of access upon termination ensures all access to critical banking applications was shut off immediately, in a secure and auditable manner

  • The ability to leverage Okta for Identity Management allowed for cost savings, an increased ROI on existing investment and rapid solution development and deployment.

  • Syncing data from HR ADP (source of record) to downstream applications improved data integrity, accurate role assignment, and reduced administrative overhead.

  • The initial phase provided the foundation to on-board additional applications across all lines of business, resulting in even greater efficiencies, compliance, administrative cost savings and ROI.

The Printer's Son

A UK based creative that designs, develops, and styles websites for individuals and small businesses.

http://www.theprintersson.com
Previous

Telecommunication
Next

Gaming