The Challenge
Large-scale modernization of the business operations and IAM program revamp
The large-scale modernization of our client’s business operations to adopt modern digital and cloud technologies also required revamping their Identity and Access Management (IAM) Program to support transformation and ongoing DevOps support of enterprise and partner identity platforms.
The Objective
Operational efficiency and continuous improvement
The objective was to implement a comprehensive modernization strategy for the IAM identity and access management (IAM) program, leveraging Microsoft Azure Cloud technologies to enhance security, improve user experience and support business initiatives while ensuring operational efficiency and continuous improvement.
They chose a Microsoft Azure cloud-first strategy that included several key IAM transformation themes needed to support their business initiatives:
- Enhance security by deploying Azure multi-factor authentication (MFA)
- Enhance security by deploying Azure multi-factor authentication
- Improve user experience through Azure self-service password reset
- Secure third-party access by deploying Azure business-to-business
- Incorporate agile methodology into service delivery leveraging Azure DevOps Boards
- Identify identity-based risks and export risk detection data leveraging
- Azure Identity Protection to generate Power BI reports and integrate log analytics for better data visualization
- Enable end-to-end Azure IDAM platform support
- Collaborate with Microsoft on private preview features and provide feedback to Microsoft product teams
The Solution
A two-step approach
HCLTech approached this program with a two-step approach, combining our Azure stack implementation expertise to run a timebound transformation program with our experience in supporting operations to deliver an SLA-driven outcome-based service along with a theme of continuous improvement.
Transformation project:
- Developed an Azure B2B self-service registration portal hosted in Azure AD for business partners
- Enabled access to 12+ applications for B2B partner accounts
- Enabled single-sign-on while working with application stakeholders
- Configured separate conditional access policies for managed and unmanaged devices
- Blocked legacy authentications via conditional access policy
- Secured all business applications with baseline policies and implemented 55+ conditional access policies (both baseline and scoped)
- Enabled Azure Google federation and one-time-passcode features for business partners
- Deployed Azure automation scripts for dormant accounts removal and un-redeem invitations for org partners
- Enabled self-service password reset and MFA services
- Handled authentication session timeouts with conditional access policies
Operations support:
- Provide ongoing business-hour operational support to the Azure IDAM environment, including troubleshooting and modifications to application connections
- Monitor and address high-risk events through close collaboration with the security operation team
- Closely worked with the Digital Security team for MFA exemption requirement
- Secure and monitor all employee and contractor accounts with Azure Identity Protection service
- Ongoing development support for platform enhancement, application integration and policy tuning
The Impact
Process efficiencies and streamlined operations
- Increased their productivity through reduction of manual activities and ease of providing access to partners
- Reduced the help desk cost
- Streamlined the MFA exemption process
- Followed best IAM practices to clean up the current production Azure AD environment with respect to service, test, generic, positional and shared accounts
- Enabled Azure one-time-passcode feature for partner accounts to secure the authentications
- Established a feedback loop in Microsoft on new private preview feature to collect pros and cons
