A Tale of Two Cities: Identity and Password Management (Contributed)

The IT departments in two Florida cities streamlined user identity and access management, gaining efficiencies across the enterprise.

by Dean Wiech / September 9, 2013
St. Petersburg, Fla.

Identity and password management has been a growing trend in the areas of health care, education and business. Lately, government agencies at the local, state and federal levels have also been taking a look. Let’s look at two different large cities to learn how their leaders took successful steps to reduce the time their IT department spent on managing network user accounts.

Out of Control Passwords

The first city in our example, St. Petersburg, Fla., currently has about 3,600 full- and part-time employees. It was having immense issues with employee password reset requests. On a daily basis, the IT help desk received 10 or more requests to reset passwords to the Active Directory (AD) network and various other applications.

Departmental leaders decided on a two-phase approach to tackle the issue. They first looked for a solution to allow end users the ability to reset their own passwords to the AD network, then implemented a self-service reset password tool. The first aspect of the implementation required end users to select a series of challenge questions and provide answers to those questions. After enrollment, end users could simply click a “Forgot My Password” link on the login screen, provide the answers and reset their password accordingly. 

The second phase of the password project was to reduce the number of passwords required to access internal systems. As it stood, the average employee needed to remember eight user name/password combinations while some employees had upward of 20. Again, city leaders looked to commercially available single sign-on solutions and settled on the same vendor that provided the self-service application. 

The overall result for both phases of the project was a reduction in the amount of time IT staff spends resetting passwords to nearly zero.

New HR Application and New Directory Service

The second of the two cities in our example, Tampa, Fla., faced several daunting tasks. The rollout of a new HR/financial system required that each employee have an AD account to access the application. This situation was further exacerbated by the fact that the city was running Novell eDirectory and GroupWise for email.

After purchasing a commercially available product, the basic implementation was completed in a few days by taking an extract from the outgoing HR system, using the current employee list as the basis. After the HR/financial system implementation was completed, the IT group circled back to the identity management provider to put additional components in place.

First was an automated process to create and disable users. Every time a new hire is entered into the HR system, the AD account and Exchange mailbox are created without manual intervention. Conversely, whenever an employee is classified as terminated in the HR system, the account is automatically disabled. 

The second phase of the project was to implement a Web portal to allow employees to request access to different security and distribution groups, along with a variety of applications or specific roles within an application. When end users log into the portal with their network credentials, they are presented with a variety of options to request additional access. Once completed, the request is routed to the employee’s manager for approval and then to the IT department for final approval. 

In summary, both St. Petersburg and Tampa were able to utilize identity and password management solutions to allow their IT employees and end users to work more efficiently overall.

Dean Wiech is managing director at access management solutions software provider Tools4ever.

Platforms & Programs