Laitram worked with Integral Partners as a trusted advisor to learn best practices to help implement their Identity Governance and Administration program—improving identity access accuracy and security while transforming employee lifecycle management.
Laitram Machinery, a large manufacturer of industrial systems for food processing, was looking to better manage its large workforce’s access to information technology systems. Managing employee identities still involved manual steps, and they wanted to introduce automation that would improve security, consistency, and efficiency.
Laitram worked with Integral Partners to implement IAM and IGA in a three-phased project that combined advisory services, professional services, and the deployment of the Saviynt platform. We worked together to guide and mentor the team and enhance their IGA program.
⦿ Education and mentoring
⦿ Implement Saviynt IGA solution
⦿ Integration of their HR system with Microsoft Active Directory (AD)
⦿ Role mining, certification reviews, and lifecycle governance
⦿ SharePoint Online and Microsoft 365 integration
Industrial Machinery & Equipment, Manufacturing
Identity Governance & Administration
Education & Mentoring
Build an IGA Program
The IGA tool Saviynt was implemented at Laitram as the hub of their IAM program.
An IGA solution was implemented to replace manual processes, automate, improve accuracy, and reduce risk.
Building an IGA Program
Laitram L.L.C., a global manufacturer across several industries, wanted to improve the way it managed its workforce’s access to information technology (IT) systems. The operations of the 70-year-old Louisiana-based company had grown significantly in recent years and become increasingly complex. They were seeking to improve their digital identity provisioning, management, and oversight, to further improve security and become more efficient.
The Laitram team’s processes for creating and managing user identities had become cumbersome over the years and in some areas required manual, inefficient intervention. They sought to update their processes to make them more efficient, especially as the company continued to grow and add contingent workers like contractors.
They also wanted to establish an authoritative source for information on employees and contingent workers. Without authoritative employee data, it was harder to guarantee that an identity record would match human resource records. Employee names, for example, might be spelled one way in the identity process and another in the company’s SOR (system of record) for employees.
The biggest room for improvement came in managing the employee lifecycle. The company’s “joiner, mover, and leaver” (JML) processes required some manual intervention to create file shares, provision default access, disable/enable access upon job changes, and most importantly, facilitate departures. They realized that as the company continued to grow, they needed to automate some of these workflow processes.
Requests to change access privileges, such as when an employee moved to a new department and required access to a new set of applications, were areas that Laitram was looking to automate. The focus was on increasing productivity and access request fulfillment. The new system also had to ensure that employees didn’t have unauthorized access to data they no longer needed.
Solution: Working with a trusted advisor to roadmap and implement a multi-stage IAM/IGA process
Laitram worked with Integral Partners to implement an IAM and IGA solution in a three-phased project that combined advisory services, professional services, and deployment of the Saviynt platform. A key reason Integral was chosen was the breadth of expertise across all areas of Identity and the platforms that support them.
To start, Laitram wanted to fully understand what a successful IGA program should look like. They needed a trusted partner whom they could rely on when making important business decisions that were impacted by changes in their Identity program. A big part of the project early on would include mentoring on IGA concepts and best practices for the team. As the project progressed, this proved invaluable, as Laitram now understands where it is headed and is prepared to make the right decisions to support the business.
Phase 1 — Integrating IAM/IGA systems and establishing basic IGA processes
In Phase 1, Integral Partners connected the existing HR-to-AD integration to the IGA solution. This initial phase involved collaborating with the Laitram team to mentor them on IGA concepts and shift their overall way of thinking about managing identities. After that, the work proceeded to the integration of Saviynt with the HR system (as the authoritative source for identities) and Microsoft Active Directory. This step is necessary for setting up the authoritative source of identity data. In parallel, the Laitram and Integral Partners teams tuned AD’s configuration and switched off several MIM functions that were not necessary for the company’s next steps in IAM and IGA.
Integral Partners deployed the Saviynt Enterprise Identity Cloud solution in Phase 1. Doing so enabled Laitram to make progress on IGA processes, putting the authoritative identity data to use. This applied to both employees and contractors. With Saviynt, Laitram now had the framework in place to define basic user entitlements and “birthright provisioning,” a key step with IAM and IGA that they had not taken before.
With Saviynt now online, Laitram became able to more effectively execute a contractor identity review process to validate active contractor identities and access, allowing Laitram to establish governance on the identity lifecycle of contractor identities. The Laitram team could now use a single system to facilitate and enforce identity policies across the JML stages of an individual’s tenure with the company.
Phase 1 also provided an audit capability, which is essential for an effective IGA program.
Phase 2 — Operationalizing IAM/IGA processes
Phase 2 was about operationalizing the IAM/IGA processes that had been set up in Phase 1. Further integrations and processes were established as well. Phase 2 built on the foundation created in Phase 1 to remove more of the manual processes.
The JML processes defined during Phase 1 were foundational and set up future work. During Phase 2, a lot of the time was spent further refining and building upon the processes for employee and contractor lifecycle workflow, which was captured and implemented in Saviynt.
Integral Partners set up an automated process to create accounts not just in Active Directory for all employees in the HR system, but also in their business-facing applications. This cut down on errors, provided a standard account creation naming convention, and saved a tremendous amount of time. Other lifecycle enhancement and automation examples include automated email account assignments, name-change processing, and account disablement for departures.
Phase 3 — Further expansion and integration
Phase 3 included further expansion of the IAM/IGA JML policies and practices, in conjunction with more integration of relevant business systems. For example, Saviynt integration with ServiceNow streamlines and automates many of the JML processes. This integration allows all stakeholders, including employees, contractors, and IT/security team members, to generate access requests for IGA processes currently supported by Saviynt. Integral Partners worked closely with Laitram’s ServiceNow team to generate custom entry points for all these access requests, using Saviynt to automate the fulfillment whenever possible.
The employee lifecycle and JML workflows were a core focus area for Phase 3. For movers, i.e., people changing jobs, the new systems handle FTE-to-Contractor (and vice-versa) conversions from the workforce, and the removal or addition of relevant access privileges based on the employee’s new department.
For leavers, the IAM/IGA system automates many of the tasks associated with closing out an individual’s accounts and the removal of their access entitlements.
Laitram now has a functioning IGA program – they’ve left most manual processes behind for automation and uniform identity policies. Employee data is consistent across systems. As employee data changes, such as email addresses and phone numbers, this data transfers automatically from HR to AD and Saviynt—a big time saver and the end of what had been a headache for different teams at the company.
Laitram’s security team is now even more efficient and effective. Employees are being onboarded quickly. Transfers between jobs do not cause delays in system access that might hold back productivity. Security risks arising from manual processes have been greatly reduced.
Security enhancements include governance over identities (and outliers), reporting on “last logon,” as well as removal of terminated users from departmental access. Disabled user accounts are now in the correct AD group. The automation of account holds and manager retention of emails, functions that are adjacent to security and compliance, are now established.
The Laitram team is now able to enhance and customize the JML account lifecycle program logic to meet business requirements.
Laitram started this project with the goal of gaining a better understanding of IGA processes and solutions. They found a partner that could help guide and mentor the team as they worked toward enhancing their IAM program. Laitram has now automated many of their previously manual processes, saving time, improving accuracy and efficiency, reducing risk, and allowing employees to focus on more productive business activities.