Our client (who wishes to remain anonymous) is a major retail organisation with more than 1,200 stores and 160,000 staff.
It needed to improve its collaboration, information sharing and communications by creating a new SharePoint intranet and Yammer internal social network. The system needed to be available to all of its employees – connecting many for the first time.
The problem was that most employees didn’t have AD accounts or dedicated PCs. They were unwired users.
We used Azure Active Directory (AAD) Premium to provide a cloud identity for access to the new SharePoint and Yammer systems. This could be integrated with a user’s existing on-premises identity for maximum efficiency.
“The solution reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts.” Technology Evangelist ThirdSpace
Founded in the 19th century, our client is a retail giant with 1,200 stores and more than 160,000 staff – 15,000 of those employees are users of IT, with accounts in Active Directory. All accounts were created using scripts and manual processes, to allow them to login to workstations and connect.
The superstore had been building an employee-focused information messaging system, effectively a new intranet, available to every employee using Microsoft SharePoint. This new system needed a security framework to allow them to have all 160,000 users authenticated. Some of these would be authenticated using the same ID and password as they used to logon to their PC. But for others, they would need a new ID and password. And they needed a way to securely manage access.
Download 'Adapt or perish: The stark choice for retailers who need to boost security and empower workers' and discover:
ThirdSpace was recommended to the superstore by Microsoft as the ‘go to’ people for identity, access and enterprise mobility. We sent ThirdSpace consultant David Guest to talk to the superstore’s technical team.
David says: “I met the architecture and security teams. Among the many things we discussed was identity management – they understood the importance of putting this at the heart of their solution. So, when we talked about strategy, approaches, concepts and technology, I mentioned that Forefront Identity Manager (FIM) was part of the EMS (Enterprise Mobility Suite) licencing package. Everything dropped into place. It was a game-changer”.
Discussions with the superstore IT team also revealed that device management was part of their long-term strategy.
David says: “They wanted to be sure that in the future, they could safeguard their data and information on any device. Using Intune and System Center Configuration Manager (SCCM), any of the devices that were ‘workplace joined’ could be used with peace of mind and data protection.
“We recommended Azure Active Directory (AAD) Premium as the cloud identity service to use to provide a single place to access cloud services and apps. In this case, SharePoint and Yammer.
“The approach taken, and the technology chosen, means that device management and data protection can be added at any stage. All the elements are in place”.
ThirdSpace presented Azure Active Directory Premium to hold all 160,000+ accounts. The 15,000 users who had accounts in the on-premise Active Directory had their identities synchronised using DirSync. The remaining accounts were provisioned into the Azure Active Directory using Forefront Identity Manager (FIM). FIM would communicate with the superstore’s HR system to understand who an employee is and, from the rules defined, create an account inside Azure AD or the on-premises AD.
For the retailer, having the FIM licences as part of EMS meant they could put identity at the heart of the system. On-premises and cloud identity could become a reality with FIM to manage the automatic provisioning of the accounts into their AD.
The superstore managed the provisioning using scripts and some manual processes, with only parts of the process automated. Although this approach worked, it was not ideal, taking time to manage and causing difficulties with scaling up – system by system.
“The new solution was highly scaleable with the potential to allow them to extend identity and access integration for other on-premises and cloud systems.”
David Guest said: “The FIM deployment reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts. We proposed extending FIM to remove the rest of the manual processing and make identity management and user provisioning completely automated.”
Upon completion, all employee accounts were provisioned into Azure; enabling staff to access the new SharePoint Intranet, the employee portal and also Yammer.
Next, download ‘The business case for IAM’ e-Guide and become the driving force behind modernisation, cyber security and operational efficiency in your organisation.
Learn how to to balance user satisfaction and best-in-class security.
Envision a secure future, with appropriate data protection and breach response plans.Apply for free workshop
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.