A global loyalty and engagement company chose Avatier to automate user provisioning across 22 Active Directory domains, dramatically accelerating onboarding and reducing security risks.
Affinion Group is an international company based in Connecticut with approximately 4,500 global users that had 22 different website domains. Onboarding and offboarding of employees/users are now performed 100% manually by a small IT staff. Access to email, the network, and other systems is performed manually by staff through SLA requests. This is time-consuming and creates risk for errors. The time for new employees to become productive varies, taking days or weeks. Employees leaving the company have to be offboarded manually. The extended time it takes to remove their network access leaves the company vulnerable to security risks. Chris Dunning, who replaced the outgoing VP IT several years ago, drove an initiative to get the company’s 22 different Active Directory (AD) domains consolidated into one global AD domain. At the same time, the company was moving from multiple HR systems to one single system, Talent Central. Dunning decided the time was ideal to automate access and identity management and communicated that to Affinion’s leadership. Dunning explains the situation in his own words: “What I needed was one tool that could wrap around the HR and AD environments and provide automation, reporting, end-to-end user provisioning for the company. And given the fact that we were already using Avatier for Password Management, the product was already in house and integrated into our infrastructure. Adding the additional components for user provisioning and ultimately SSO was a great opportunity.”
This whole exercise wasn't about headcount savings as much as security, improving the response time, being able to do things much faster and efficiently.
After partially integrating the Avatier solution and automating the base role, which includes user access to four systems every employee requires, 20% of user provisioning will be fully automated. This will make a significant impact for Affinion Group because onboarding and offboarding users will be tremendously faster, more simplified and more secure. Access to the base role — including email, the company’s network, HR system, and the main portal — will be instantaneously given or taken away. New employees will communicate, learn, and become productive much faster. Avatier’s small IT team will no longer onboard and offboard each new employee manually, giving the staff time to focus on creating additional automated roles. Once all roles are completed, 80% of user provisioning at Affinion will be fully automated. Only 20% will be customized for users based on their specific needs. Affinion’s new SSO screen, the Avatier Launchpad, is being customized and branded with help from Avatier. When completed, users will manage their systems and applications via Launchpad using an SSO password, which will automatically synchronize with the AD. Automated user provisioning will greatly increase the speed at which new employees can access the systems they need to communicate and be productive. It will also reduce security risks when employees leave the company, as well as risks of errors when granting and removing accesses manually. In addition, it reduces strain on IT staff, giving the staff more time to focus on higher-level work.