Energy producer Santos deployed NetIQ as its identity and access management system to cut the time needed to onboard new staff and contractors, and to revoke permissions once they’d moved on.
Information system security manager Andrew Speer told Micro Focus' Realize 2020 A/NZ summit that Santos had been using NetIQ for a number of years but continued to tweak and optimise the product.
He said the system was initially brought in to manage the identities of staff and contractors “throughout their lifecycle at the organisation”.
Prior to NetIQ, he said, users had different login credentials for each corporate system and there was a lack of consistency in the way each system recorded different users.
“Users had different passwords for each system and had trouble remembering the passwords,” Speer said.
“We had a lot of interaction with the service centre to reset passwords when the users had forgotten them.
“There was a lack of consistency across user information in different applications, so different titles, different full names; user information wasn't getting synchronised across systems effectively.”
Onboarding of new staff and contractors was manual, and fully provisioning access to the necessary systems would take from several days up to a fortnight.
“There were many service centre calls required, quite often to update information in the system when the user didn't have access,” Speer said.
“The mechanism for onboarding people would quite often take up to two weeks. We needed a way to effectively bring those timelines down, to make the user experience in accessing applications more streamlined, and to reduce the load on our service centre.”
Additionally, Speer said Santos used “a lot of contractors” and needed assurance that it had revoked their system access once they'd left.
The company also has a history of acquiring others (it only recently completed a transaction for ConocoPhillips’ northern Australia and Timor-Leste assets) and needed a way to quickly provision those users into Santos' IT environment.
“We're involved in mergers, acquisitions and divestments quite often, and in doing so we need to get people into our organisation quickly,” Speer said.
“When they leave, or when we divest an entity from our business, we need to make sure those users leave the organisation as well.
“An identity management system allowed us to get people onto Santos’ systems, using our environment while we were still trying to work through the longer term integrations with the mergers or acquisitions we were going through.”
Santos landed on Micro Focus’ NetIQ after going to market, basing the decision in part on the “many out-of-the-box connectors” the product came with.
“The solution has pretty much fit the purpose out-of-the-box,” Speer said.
“We also looked at the modularity of the solution, so we could add and remove connectors as we acquired new applications or removed them from our environment, and it was a fairly cost-competitive solution.”
Santos worked with Insync Solutions on the implementation, which is set up as a managed service.
When new staff and contractors need to be onboarded, a personnel record is set up in SAP SuccessFactors (previously Oracle HR), which then feeds into NetIQ and then to downstream systems, allowing the onboarding to begin.
“When it sees a new starter, whether it's an employee or contractor, it takes that information and then provisions it to downstream systems,” Speer said.
The downstream systems included Santos’ Active Directory instances (for both its corporate and operational technology environments), Unix LDAP and Oracle databases, ServiceNow and Dell Boomi, which is an integration point to other systems.
NetIQ is set up to handle staff and contractor onboarding differently.
“Employees get full access to all Santos systems from day one, but contractors don't get access to systems until their manager approves it,” Speer said.
“Contractors are onboarded into our HR platform, they are onboarded into our NetIQ identity management vault, but they're not provisioned into downstream systems until they raise a request for access.
“That request is handled through our ServiceNow platform, a service catalogue item is raised by the manager, they request access to a downstream system, and once approved, that then goes through the NetIQ product and is provisioned as required.
“It's an automated process that saves our team a lot of work, and gives me the comfort of knowing that contractors are only getting access to systems that they need for their day-to-day jobs.”
Speer said NetIQ meant fewer calls to the service desk, faster onboarding of new staff and contractors as well as new IT systems, and uniform de-provisioning across all systems when a person leaves.
He also saw room for some further optimisation and clean-up of the latter process.
“We de-provision users immediately as they leave the organisation, but there's always some optimisation in the background to do things like removal from mailing lists, removing identities from groups and just generally cleaning up and making our Active Directory environment more efficient,” Speer said.
“Further on down the path, what I'd like to see is a movement to the cloud.
“Santos has got a cloud-first strategy. I'm really looking forward to Micro Focus coming up with an identity-as-a-service type solution that we can look at implementing down the track.”