Viewpoint: A tale of two cities
By Dean Wiech
Identity/password management has been a growing trend in the areas of healthcare, education and business. Lately, government agencies at the local, state and federal levels have also been taking a look.
Out of Control Passwords
St. Petersburg, Fla., currently has about 3,600 full- and part-time employees. It was having immense issues with employee password reset requests. On a daily basis, the IT help desk received 10 or more requests to reset passwords to the Active Directory (AD) network and various other applications.
Departmental leaders decided on a two-phase approach to tackle the issue. They first looked for a solution to allow end users the ability to reset their own passwords to the AD network then implemented a self-service reset password tool. The first aspect of the implementation required end users to select a series of challenge questions and provide answers to those questions. After enrollment, end users could simply click a “Forgot My Password” link on the login screen, provide the answers and reset their password accordingly.
The second phase of the password project was to reduce the number of passwords required to access internal systems. As it stood, the average employee needed to remember eight user name/password combinations while some employees had upwards of 20. Again, the city’s leaders looked to commercially available single sign-on solutions and settled on the same vendor that provided the self-service application.
The overall result for both phases of the projects was a reduction in the amount of time IT staff spends resetting passwords to nearly zero.
New HR application and new Directory Service
Tampa, Fla., faced several daunting tasks. The roll out of a new HR/financial system required that each employee had an AD account to access the application. This situation was further exacerbated because the city was running Novel eDirectory and GroupWise for email.
After purchasing a commercially available product, the basic implementation was completed in a few days. This was accomplished by taking an extract from the outgoing HR system and using the current employee list as the basis. After the HR/financial system implementation was completed, the IT group circled back to the identity management provider to put additional components in place.
First was an automated process to create and disable users. Every time a new hire is entered into the HR system, the AD account and Exchange mailbox are created without manual intervention.
Conversely, whenever an employee is indicated as terminated in the HR solution, the account is automatically disabled.
The second phase of the project was to implement a Web portal for allowing employees to request access to different security and distribution groups along with a variety of applications or specific roles within an application. An end user can login to the portal with their network credentials and be presented with a variety of options to request additional access. Once completed the request is routed to the employee’s manager for approval and then to the IT department for final approval.
In summary, both municipalities were able to utilize identity and password management solutions to allow their IT employees and end users work more efficiently overall.
Dean Wiech is managing director at Tools4ever.