ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more

Retail giant goes shopping for enterprise mobility: Identity management at the heart of connecting people and systems


Our client (who wishes to remain anonymous) is a major retail organisation with more than 1,200 stores and 160,000 staff.

It needed to improve its collaboration, information sharing and communications by creating a new SharePoint intranet and Yammer internal social network. The system needed to be available to all of its employees – connecting many for the first time.

The problem was that most employees didn’t have AD accounts or dedicated PCs. They were unwired users.

We used Azure Active Directory (AAD) Premium to provide a cloud identity for access to the new SharePoint and Yammer systems. This could be integrated with a user’s existing on-premises identity for maximum efficiency.


  • All employees have secure and managed access to the superstore collaboration portal.
  • Automated provisioning of accounts and access for the new intranet portal reduced the burden of manual provisioning users and groups.
  • The identity service can be used for other cloud applications and services.
  • Sharing information and ideas is faster and more comprehensive.
  • Strong foundations have been laid for the future.
“The solution reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts.” Dave Guest Technology Evangelist ThirdSpace

The problem

Founded in the 19th century, our client is a retail giant with 1,200 stores and more than 160,000 staff – 15,000 of those employees are users of IT, with accounts in Active Directory. All accounts were created using scripts and manual processes, to allow them to login to workstations and connect.

The superstore had been building an employee-focused information messaging system, effectively a new intranet, available to every employee using Microsoft SharePoint. This new system needed a security framework to allow them to have all 160,000 users authenticated. Some of these would be authenticated using the same ID and password as they used to logon to their PC. But for others, they would need a new ID and password. And they needed a way to securely manage access.

Adapt or perish: The stark choice for retailers – Free e-Guide

Adapt or perish: The stark choice for retailers – Free e-Guide

Download your free e-Guide and discover:

  • The key trends and challenges shaping the retailer of tomorrow
  • How the latest tools can improve staff retention and customer experiences
Download e-Guide

Planning a solution, creating a strategy

ThirdSpace was recommended to the superstore by Microsoft as the ‘go to’ people for identity, access and enterprise mobility. We sent ThirdSpace consultant David Guest to talk to the superstore’s technical team.

David says: “I met the architecture and security teams. Among the many things we discussed was identity management – they understood the importance of putting this at the heart of their solution. So, when we talked about strategy, approaches, concepts and technology, I mentioned that Forefront Identity Manager (FIM) was part of the EMS (Enterprise Mobility Suite) licencing package. Everything dropped into place. It was a game-changer”.

Discussions with the superstore IT team also revealed that device management was part of their long-term strategy.

David says: “They wanted to be sure that in the future, they could safeguard their data and information on any device. Using Intune and System Center Configuration Manager (SCCM), any of the devices that were ‘workplace joined’ could be used with peace of mind and data protection.

“We recommended Azure Active Directory (AAD) Premium as the cloud identity service to use to provide a single place to access cloud services and apps. In this case, SharePoint and Yammer.

“The approach taken, and the technology chosen, means that device management and data protection can be added at any stage. All the elements are in place”.

The solution

ThirdSpace presented Azure Active Directory Premium to hold all 160,000+ accounts. The 15,000 users who had accounts in the on-premise Active Directory had their identities synchronised using DirSync. The remaining accounts were provisioned into the Azure Active Directory using Forefront Identity Manager (FIM). FIM would communicate with the superstore’s HR system to understand who an employee is and, from the rules defined, create an account inside Azure AD or the on-premises AD.

For the retailer, having the FIM licences as part of EMS meant they could put identity at the heart of the system. On-premises and cloud identity could become a reality with FIM to manage the automatic provisioning of the accounts into their AD.

The superstore managed the provisioning using scripts and some manual processes, with only parts of the process automated. Although this approach worked, it was not ideal, taking time to manage and causing difficulties with scaling up – system by system.

“The new solution was highly scaleable with the potential to allow them to extend identity and access integration for other on-premises and cloud systems.”

David Guest said: “The FIM deployment reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts. We proposed extending FIM to remove the rest of the manual processing and make identity management and user provisioning completely automated.”

Upon completion, all employee accounts were provisioned into Azure; enabling staff to access the new SharePoint Intranet, the employee portal and also Yammer.

Next, download ‘The business case for IAM’ e-Guide and become the driving force behind modernisation, cyber security and operational efficiency in your organisation.

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Submit your business email to join our mailing list and we'll send you 'A buyer’s guide to Microsoft Enterprise Security'.

You may also like...


Building strong foundations for digital transformation


How to solve identity and access headaches caused by HCM SaaS solutions


Adapt or perish: The stark choice for retailers

Discover the key trends and challenges shaping the retailer of tomorrow – e-Guide.

Download e-Guide

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.