Automating Identity Access Management in Government

With thousands of employee lifecycle events taking place each year,manual processes put pressure on the Service Desk and increased the risk of delays and errors.

The department was dealing with:

• Around 1,300 new starters and 900 departures annually
• Over 15,000 personnel changes each year requiring manual action
• A heavy reliance on the Service Desk to initiate and track all access-related tasks.

Every change, whether it was creating a new user account, updating a name or employees role, or removing access when someone left, had to be initiated manually by the Service Desk. This not only consumed valuable IT resources, but also resulted in the introduction of human errors (such as incorrect and incomplete access and improper removal of access), access delays and compliance issues.

They needed a solution that could fully automate identity and access provisioning across the entire employee lifecycle, while integrating with existing systems and processes.

The department deployed Activate’s User Manager and Roles& Entitlements modules to automate key stages of the personnel lifecycle, from pre-employment and onboarding to internal role changes and secure offboarding.

Key features:

• ‍Automation from Day One: The process begins even before a new hire’s first day. During the initial offer step, Activate is used to create a ‘contingent worker’ automatically provisioning limited access and entitlements for the potential new Employee. This gives them early access to the tools needed to sign contracts and complete pre-employment paperwork securely. Once the employee has accepted the employment contract, Activate automatically provisions them as a ‘full employee’ within the organisation, providing them with the default data access and entitlements (Birthrights) that they require to effectively do their job from day one.

• ‍Role-Based Access with Seamless Updates: The Roles & Entitlements module has allowed the organisation to set up HR Business Roles for systems access and provisioning, based on a person’s department within the organisation. For example, a new Case Worker will be setup to automatically receive a Duress Alarm as part of their on-boarding experience. Behind the scenes, Activate synchronises with Oracle Cloud HR four times a day to stay up to date with new starters, terminations and changes in department structures, job titles and locations. Activate’s Connector Engine regularly checks the HRIS system for new hires or updates to existing employees. When someone's details change, the system automatically updates their user information across Active Directory, Microsoft Entra (Azure AD) and other connected systems. Access is reviewed and adjusted accordingly, reducing risk and ensuring people only have access to what they need.

• ‍Secure and Timely Offboarding: When someone leaves the organisation, Activate automatically triggers a tailored de-provisioning process based on their role and the organisation's specific business requirements, ensuring a level of security adherence and compliance not possible with previous manual processes.

The impact of automation has been significant, both in terms of time saved and improved security.

The organisation observed immediate improvements:

• Reductions in Service Desk tickets and provisioning delays as a direct result of implementing the HRIS integration with Activate
• Faster new starter productivity with access and entitlements from day one
• Improved service levels and end-user experience throughout the Employee Lifecycle
• ‍Strengthened system and data access security during role changes and offboarding
• ‍Enhanced transparency and data sharing across HR, ICT, third-party vendors and business units
• Increased auditability of employee access rights and entitlements
• ‍Automated thousands of lifecycle requests
• Eliminated and minimised errors and rework.

These outcomes have allowed the Service Desk agents and IT Staff to allocate more of their time and efforts to other important tasks, improving efficiency and significantly reducing costs for the organisation.