Challenges:
> Standardization and automation of the creation of accounts and rights
> Smooth and secure management of rights on arrival, during movements and departure
> Traceability of assigned rights
Solution:
> cyberelements Identity
Benefits:
> Structuring of access rights allocation processes
> Agile management of accounts and authorizations
> Reinforcement of access security levels
cyberelements Identity is a structuring solution which enables us to standardize and automate the creation of access rights and securely manage employee entry and exit flows. It's a pillar in our process security, which also brings real comfort to both the IT team and users.
Challenges
GIMA (Groupement International de Mécanique Agricole) is one of the world’s leading manufacturers of transmission systems for agricultural tractors. GIMA is a 50/50 joint venture for two of the world’s top five agricultural machinery companies: AGCO and CLAAS. GIMA designs and manufactures a wide range of high-tech products (gearboxes and rear axles from 75 to 396 hp) for agricultural machinery manufacturers AGCO and CLAAS.
GIMA relies on the expertise and know-how of over 700 employees to produce an average of 20,000 transmissions a year. GIMA’s IT department is made up of 15 people, whose mission is to guarantee the operation and security of the company’s networks, hardware, telephony and industrial applications. The IT team supports the office and workshop teams, ensuring the fluidity and robustness of GIMA’s information system. The main challenge facing GIMA’s IT department was to standardize and automate the creation of accounts and access rights to various IT resources, while enhancing security.
Solution
To tackle this challenge, Frédérique Baroux, Project and Support Manager, and Fabrice Le Bouquin, IT Manager, looked for an identity management solution. cyberelements Identity, an IAM solution whose organizational approach combines the RBAC, ABAC and ORBAC models, was chosen by GIMA. It enabled them to meet the challenge by structuring their processes and modeling their standards.
- Standardization of AD account characteristics
- Compliance with existing standards
- Limit direct access to AD
- Seamless and secure management of employee entry/exit flows
- Fluid, secure management of employee mobility to avoid duplication of rights following changes of department.
- Enhanced account actions traceability throughout its lifecycle: Access rights are assigned to the right person at the right time.
Deployed for the past 2 years at GIMA, the cyberelements Identity solution is mainly used to manage AD accounts, file server access rights and business application access. Its integration with the GLPI tool enables ticket generation, ensuring a high level of rigor, particularly through the use of workflows.
Structuring processes for granting access rights
Two repositories feed cyberelements Identity upstream. The IT department therefore worked closely with the Human Resources department to optimize and restructure the account creation and rights allocation processes, streamlining profiles, correcting inconsistencies and eliminating non-standard rights in order to standardize the account creation process.
This collaboration made it possible to list the most frequently used rights, and to create a rights matrix accordingly, resulting in ready-to-use authorization rules.
Today, the account creation process is fully automated for standard rights. The IT team retains manual allocation for more specific rights, but is working with the various business departments to continue refining the standards and avoid specific rights wherever possible.
Agile account and authorization management
By automating access rights allocation, the IT department receives fewer access requests to process manually particularly during employee mobility (arrivals and changes of department). This is an undeniable time-saver for the teams, who no longer have to manage these changes via tickets or telephone. They can concentrate on other projects.
Advanced workflow functions can be used to set up notifications confirming that an employee’s account has been provisioned and send their manager their login details.
“When an employee leaves, a workflow notifies the IT department that the account has been de-provisioned, through a ticket”.
Based on cyberelements Identity‘s ORBAC model, GIMA now benefits from agile and reliable management of personnel mobility (arrivals, departures, etc.), enabling rights to be assigned automatically as soon as the change is effective. In fact, certain rights can be managed directly at organizational level, offering speed and efficiency.
Enhanced access security
Interfacing cyberements Identity with the HR repository ensures data reliability when creating accounts and assigning rights. Repositories can even be resynchronized at any time.
cyberements Identity offers tracking and control functionalities that enable GIMA to demonstrate, during IT audits, that departure processes are secure, by providing all the evidence expected by auditors.
Thanks to the workflow mechanism, when an employee leaves, a GLPI ticket is created which remains open until the rights are de-provisioned. This avoids dormant accounts and the accumulation of rights, by deleting rights as soon as the employee has left the company.
cyberements Identity, with its automation, synchronization, traceability and workflow functionalities, has become one of the pillars of our process security. IT is now an indispensable tool for the IT team.