This retail superstore business has more than 1,200 stores and more than 160,000 staff. Our client wishes to remain anonymous.
Our client needed to improve its collaboration, information sharing and communications by creating a new SharePoint intranet and Yammer internal social network. The system needed to be available to all of its employees, connecting many for the first time.
The problem was that most employees didn’t have AD accounts or dedicated PCs. They were unwired users.
We used Azure Active Directory (AAD) Premium to provide a cloud identity for access to the new SharePoint and Yammer systems. This could be integrated with a user’s existing on-premises identity for maximum efficiency.
“The solution reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts.” Technology Evangelist ThirdSpace
Founded in the 19th century, our client is a retail giant with 1,200 stores and more than 160,000 staff. 15,000 of those employees are users of IT, with accounts in Active Directory, all created using scripts and manual processes, allowing them to login to workstations and connect.
The superstore had been building an employee-focused information messaging system, effectively a new intranet, available to every employee using Microsoft SharePoint. This new system needed a security framework to allow them to have all 160,000 users authenticated. Some of these would be authenticated using the same ID and password as they used to logon to their PC. But for others they would need a new ID and password. And they needed a way to securely manage access.
ThirdSpace was recommended to the superstore by Microsoft as the ‘go to’ people for identity, access and enterprise mobility. We sent ThirdSpace consultant David Guest to talk to the superstore’s technical team.
David says: “I met the architecture and security teams. Among the many things we discussed was identity management – they understood the importance of putting this at the heart of their solution. So, when we talked about strategy, approaches, concepts and technology, I mentioned that Forefront Identity Manager (FIM) was part of the EMS (Enterprise Mobility Suite) licencing package, everything dropped into place. It was a game-changer”.
Discussions with the superstore IT team also revealed that device management was part of their long-term strategy.
David says: “They wanted to be sure that in the future, they could safeguard their data and information on any device. Using Intune and System Center Configuration Manager (SCCM) any of the devices that were ‘workplace joined’ could be used with peace of mind and data protection.
“We recommended Azure Active Directory (AAD) Premium as the cloud identity service to use to provide a single place to access cloud services and apps. In this case, SharePoint and Yammer.
“The approach taken, and the technology chosen means that device management and data protection can be added at any stage. All the elements are in place”.
ThirdSpace presented Azure Active Directory Premium to hold all 160,000+ accounts. The 15,000 users who had accounts in the on-premise Active Directory had their identities synchronised using DirSync. The remaining accounts were provisioned into the Azure Active Directory using Forefront Identity Manager (FIM). FIM would communicate with the superstore’s HR system to understand who an employee is, and from the rules defined, create an account inside Azure AD or the on-premises AD.
For the superstore, the FIM licences as part of the EMS meant they could put identity at the heart of the system. On-premise and cloud identity could become a reality with FIM to manage the automatic provisioning of the accounts into their AD.
The superstore managed the provisioning using scripts and some manual processes, with only parts of the process automated. Although this approach worked, it was not ideal, taking time to manage, and causing difficulties with scaling up – system by system.
“The new solution was highly scaleable with the potential to allow them to extend identity and access integration for other on-premise and cloud systems.”
David Guest said: “The FIM deployment reduced the amount of manual processing that the IT service team had to do. That’s a big win when you’re talking about thousands of accounts. We proposed extending FIM to remove the rest of the manual processing and make identity management and user provisioning completely automated.”
Upon completion all employee accounts were provisioned into Azure, enabling staff to access the new SharePoint Intranet, the employee portal and also Yammer.
Next, download ‘The business case for IAM’ e-Guide and become the driving force behind modernisation, cyber security and operational efficiency in your organisation.
Award-winning enterprise IT solutions.See More
We work with a range of organisations.See More
Our experts will show you how controlling identities and data is key to liberating your workforce.
Visualise your current security and privacy position, get an improvements roadmap and obtain buy-in at board level.Learn more
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.
Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".Continue to ThirdSpace
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.