A prominent player in the global resources industry, our client has made significant strides in the Australian resources sector, contributing to the nation’s growing energy needs through the exploration, production and development of natural gas and oil resources.
Opportunity
Digital transformation in the oil and gas sector means many organisations are having to prioritise cybersecurity to reduce risks and address vulnerabilities. But with an ever-growing number of applications, data sources and platforms coming online, managing identities across an enterprise is a challenge.
For our client, a substantial organisation with a diverse workforce and a network of offices and facilities across the country, its legacy Identity and Access Management (IAM) solution posed limitations such as:
- Manual user onboarding processes.
- Issues with rehires and account activations.
- Removal of access when users leave.
- Lack of a holistic view of user access.
- Ineffective manual access reviews.
- Lack of a role-based access control (RBAC) definition to provide a consistent access model for users.
- Cost of IAM operations scattered across various teams.
These manual, siloed identity processes were consuming significant resources across the organisation and, in addition to being error-prone, were creating long waits that prevented employees and other workers from being productive.
A new solution to automate the identity process would not only connect users to the right information at the right time, but would also help secure the enterprise by reducing risk, complexity and siloed workflows across the company.
Solution
Leaving legacy Identity Management processes behind requires a new mindset, but the results – operational efficiency, workforce productivity, and better collaboration – deliver the edge the oil and gas industry needs to thrive in this new era.
For our client, these drivers led to the initiation of a project to implement SailPoint’s IdentityNow solution, with NRI chosen as its implementation partner.
From start to go-live, our team worked closely with our client’s stakeholders, conducting a discovery process to expand upon the initial requirements and develop a high-level design and roadmap. We adopted an agile process to deliver the roadmap across seven sprints and take stakeholders on the journey. Demonstrations during each sprint helped articulate product capabilities and allowed requirements to be refined based on lessons learnt from those demonstrations.
The implementation phase involved sourcing data from SAP HR to manage the identity lifecycle of employees and contractors, and integration with Active Directory, Azure Active Directory and ServiceNow. This provided a 360-degree view of the account data to help generate reports to ‘clean up’ legacy accounts, review account usage and last logins, reduce security risk, and streamline the onboarding and offboarding of accounts using a high-level role-based access control (RBAC) model that will be expanded as the RBAC maturity evolves.
Access requests were configured for standard and privileged access, along with integration to ServiceNow to submit tickets for manual remediation for accounts where systems did not provide an integration capability, i.e., disconnected systems.
The migration of SailPoint IdentityNow was performed using automated CI/CD processes in Azure DevOps, for which NRI built a DevOps agent to deploy IdentityNow components. Other utilities were developed to automate the upload and download of access profiles and streamline deployments between environments.
A second phase was also initiated to integrate with SuccessFactors as an additional source to retrieve employee and contractor data.
Outcomes
The implementation of the SailPoint IdentityNow cloud product has resulted in several business improvements. Firstly, operational efficiency and security controls have been enhanced through the streamlining of processes that have significantly reduced the operational overhead associated with onboarding and offboarding accounts across multiple systems and applications.
Data accuracy and completeness across the account data have improved, with the new integrated Identity Governance and Administration (IGA) system ensuring consistent and accurate user account data is synchronised with HR data.
In terms of cost reductions, the capability to automatically disable accounts in ServiceNow and remove Office 365 licences when an employee leaves has significantly reduced licensing costs for both products.
And finally, the ability for users to request access has been simplified, along with the ability to enforce security governance controls for privileged access, which require terms and conditions to be accepted and ensure the duration of the request complies with the maximum permitted time.
Overall, the transformation of identity and access management processes has positioned our client for future growth and compliance with regulatory standards. The IdentityNow cloud product provides improved governance and auditing capabilities, allowing for the implementation of controls such as certifications and role mining capabilities. This transformation not only ensures regulatory compliance but also provides a foundation to onboard other applications in the future to further streamline processes and enforce security controls.