Case study
Retail giant goes shopping for enterprise mobility: Identity management at the heart of connecting people and systems
Our client is a major retail organisation that needed to improve its collaboration, information sharing, and communications by creating a new SharePoint intranet and Yammer internal social network. This system needed to be available to all its employees.
The problem was that most employees didn’t have Active Directory accounts or PCs, as they were unwired users.
We used Azure Active Directory (AAD) Premium to provide employees with a cloud identity for access to SharePoint and Yammer, which could be integrated with a user’s existing on-premises identity for maximum efficiency.
Results
All employees have secure and managed access to the superstore collaboration portal.
Automated provisioning of accounts and access to the new intranet portal reduced the burden of manually provisioning users and groups.
The identity service can be used for other cloud applications and services.
Sharing information and ideas is faster and more comprehensive.
Strong foundations have been laid for the future.
The approach taken, and the technology chosen, means that device management and data protection can be added at any stage. All the elements are in place.
David Guest
Solution architect and technology evangelist, Kocho
Free Guide
The Complete Guide to Microsoft Entra [New for 2024]
The most comprehensive guide to Microsoft Entra. Over 40 pages. Plus, Microsoft licensing simplified.
Discover how you can:
- Cut costs by removing 50% management effort
- Elevate security – reduce breach chances by 45%
- Automate provisioning to ensure compliance
Thousands of users and a painful credentials process
Our client is a retail giant with 1,200 stores and more than 160,000 staff – 15,000 of those employees are users of IT, with accounts in Active Directory. All accounts were created using scripts and manual processes, to allow them to log in to workstations and connect.
The superstore had been building a new employee-focused intranet on Microsoft SharePoint, available to every employee. This new system needed a security framework to authenticate all 160,000 users.
Some of these would be authenticated using the same login details they used to log on to their PC. But others would need a new ID and password, and a way to securely manage access.
Planning a solution based around FIM, and creating a strategy for data protection and device management
Microsoft recommended Kocho as the ‘go to’ people for identity, access, and enterprise mobility. Kocho consultant David Guest then went to talk to the superstore’s technical team.
David says: “I met the architecture and security teams. Among the many things we discussed was identity management […] I mentioned that Forefront Identity Manager (FIM) was part of the EMS (Enterprise Mobility Suite) licensing package. Everything dropped into place. It was a game-changer.”
Discussions with the superstore IT team also revealed that device management was part of their long-term strategy.
This could be achieved with Intune and System Center Configuration Manager (SCCM). This way, any devices could be ‘workplace joined’ and could be used safely and securely.
“We recommended Azure Active Directory (AAD) Premium as the cloud identity service to use to provide a single place to access cloud services and apps. In this case, SharePoint and Yammer.” – David Guest, Solution architect and technology evangelist, Kocho
Creating an identity synchronisation platform that works for all wired and unwired employees
Kocho presented Azure Active Directory Premium to hold all 160,000+ accounts. 15,000 users had accounts in the on-premises Active Directory. These identities were synchronised using DirSync.
The remaining accounts were provisioned into the Azure Active Directory using Forefront Identity Manager (FIM).
FIM would communicate with the superstore’s HR system to understand who an employee is and, from the rules defined, create an account inside Azure AD or the on-premises AD.
With FIM managing the automatic provisioning of accounts into their AD, on-premises and cloud identity could become a reality.
All employee accounts were then provisioned into Azure, enabling staff to access the new SharePoint Intranet, the employee portal, and also Yammer.