Leading Australasian Bank Automates Identity Lifecycle Management
Reducing new user provisioning from 5 days to less than minutes
Client Snapshot
Organisation: Leading Australasian Bank
Industry: Financial Services
Workforce: 7,500+ employees
Environment: Active Directory, enterprise banking applications and internal services
Use Case: Identity lifecycle automation, access governance and self-service access to multiple systems.
Solution: Activate Identity Operations
The Challenge
Our customer, a leading Australasian bank, was experiencing identity challenges. All access and account changes for the bank’s 7,500+ employees were managed manually by a centralised request team, often taking several days to process. These manual workflows were inconsistent and error-prone, placing additional strain on the service desk to resolve avoidable issues.
Active Directory served as the core system for authentication and access control across applications, software, Secure Folders and Distribution Lists. However, over time it became increasingly unmanageable, with duplicate groups, unclear ownership and limited visibility into usage.
User accounts were created, modified and deleted manually, without clear linkage to individual employees. This resulted in a growing number of legacy accounts, making it difficult to verify whether they were still required or in use.
The bank needed a solution that would:
Automate user account provisioning, updates and de-provisioning to eliminate delays and reduce manual effort
Improve accuracy and consistency in handling access requests to reduce errors and service desk load
Establish clear links between user accounts and employees to improve identity visibility and lifecycle management
Streamline and standardise Active Directory management, eliminating duplicate groups and clarifying ownership
Enhance security and compliance by reducing the number of unmanaged or orphaned accounts and ensuring access was appropriate and auditable.
The Solution
Activate’s Identity Operations solution was selected to automate the bank’s internal IT and Identity Management processes. In the initial implementation phase, several high-value processes were prioritised and automated.
User Onboarding and Offboarding: An integrated Identity Management provisioning process was introduced to automatically create, update, move, and de-provision user accounts as staff joined or left the organisation.
Role Management: Department and location-based roles were synchronised directly from HR data into a structured hierarchy aligned with the bank’s organisational model.
Service Definitions: All existing Active Directory groups and applications were mapped to Activate ‘Services’. Approximately 1,500 services were identified and created from day one through group discovery.
Role Entitlement Discovery: Activate’s role discovery process mapped default entitlements to roles. Smart heuristics (best practices) were applied to assign services when the majority of users in a role shared the same entitlements.
Securing and Automating High-Value Applications: Critical systems were brought under automated control, including:
Retail Banking Teller System
Customer Relationship Management (CRM) System
Contractor, vendor and non-employee accounts.
Implementation of Additional Activate Modules
Distribution List Management
Folder and File Data Management
Self-Service Password Reset.
The bank has remained a customer since 2007. With growing emphasis on operational efficiency and security, Activate has remained a foundational tool in the bank’s continuous improvement efforts. Key automations have included:
Induction and Pre-Termination Processes
Automated workflows covering everything from onboarding to pre-exit risk assessments
Role and Application Review
Scheduled reviews of roles, users and application access by business and service owners.
Mobile and Phone Extensions
Full automation of mobile phone provisioning from request to deployment, including telco setup.
Governance and Mandatory Leave
Automatic enablement and suspension of accounts based on governance policies and mandatory leave requirements.
Privledged Account Management
Automated control of privileged accounts, including service, administrator and vendor access.
Service Catalogue items
Today, over 6,000 services are in active use, with more than 90% fully automated through Activate.
Shared Mailbox Management
Creation and ongoing management of Shared Mailboxes and their data.
Automatic Out of Office
Out-of-office messages in Exchange are automatically applied and removed based on HR leave records.
Key Outcomes of deploying Activate Identity Operations
Activate has enabled the bank to automate more than 380,000 changes annually, with over 900,000 user-service relationships under management.
Key outcomes included:
New user provisioning reduced from 3–5 days to under 10 minutes
From day one, more than 80% of all requests were fully automated. Today, this has increased to over 90%
Monthly requests grew from 5,000 to over 32,000 without additional manual overhead
Estimated cost savings exceed NZ$9 million annually (the cost of performing these requests manually would be over $9M per year at $20/ticket).
Activate continues to be a cornerstone in the bank’s drive for operational efficiency, enabling users with self-service, reducing IT load and ensuring access governance and compliance at scale.