Case study

Seamless Transition to New IdM Platform With Improved GUI and Functionality

Client:
Orange Slovensko, a.s.

Scope:
Identity management

Overview

Orange Slovensko needed to improve the GUI and transition from its legacy IdM to midPoint while keeping its systems running and meeting the deadline and budget.

Challenge
Orange Slovensko was seeking an IdM platform to replace its legacy solution. There was a major focus on a seamless transition for employees and on improving IdM administrators’ workflows.

Process
During its integration, midPoint needed to run concurrently with the legacy IdM solution. Source and target systems were switched to midPoint one by one, while all data had to be synchronized between the two IdMs throughout the project, since the access request module was migrated at the very end.

Outcome
midPoint replaced legacy solutions entirely and gave employees a better experience in the access request process. The transition took place without any significant impact on employees or connected systems.

Objective

The IdM environment in Orange Slovensko was built around a commercial product that was past its lifespan and no longer supported.

There were multiple identity sources, such as SAP and several LDAPs. In addition, several online resources and two offline ticketing resources had to be migrated; one of them, ARS Remedy, covered over 250 offline systems.

Since that time, there has been a significant emphasis on the continuous operation of all systems and minimal impact on employees, who should also benefit from a new, fresher, innovative interface for requesting roles and permissions.

Challenge

Due to the scale of the system, the transition had to be continuous and finish with the decommissioning of the legacy IdM.

The access request interface was part of the legacy solution; however, it could be migrated into midPoint only after all resources and target systems were provisioned by midPoint.

During the project, data had to be bidirectionally synchronized between both IdMs, since each IdM was a source of partial data for the other IdM.

Process

The project was divided into two phases.

Phase 1

The scope of the first phase was to migrate the main HR source and the main target source, “Active Directory”, and to establish synchronization between the legacy IdM system and midPoint. Password management was another part that was completely under midPoint's control after phase 1. Active Directory, as the most complex resource, was also the most critical one, since it stores data for about 5000 entitlements. To ensure that the midPoint configuration was identical to the legacy system, Inalogy built a pre-production AD identical to the production one and provisioned it from midPoint for over two months.

Phase 2


Outcome

The identity management replacement project at Orange Slovensko has been a major success for all parties involved.

The management appreciates that it was delivered within the agreed time and budget. IdM administrators thus received a modern identity management tool.

Employees can now benefit from the latest UI experience provided by midPoint, and Inalogy has gained valuable experience as well as a solid reference.

Finally, the community gained a verified and capable version of midPoint 4.6, together with the new AD password agent.
