Manufacturing Industry
World's Largest Hybrid Entra ID Transformation
A global manufacturing powerhouse managing 569,371 identities with 4.3 million group membership changes per month.
A Global Manufacturing Powerhouse
An instantly recognizable global manufacturing powerhouse. Electricity, gas, power, digital, financial services—the list goes on. With over 350,000 employees in more than 200 regions/countries, they have a business presence in almost every country in the world.
The Challenge
- 569,371 person identities across the world's largest hybrid Entra ID/AD landscape
- 4.3 million group membership changes per month
- 298,858 Entra license requests per month
- 544,231 Azure Guest accounts + 361,516 Azure member accounts
- Identity lifecycle managed by over 140 external service providers with direct AD access
- Complex hybrid migration from on-premises to Entra ID at massive scale
Initial Situation
The client's identity lifecycle was managed manually or semi-automatically by over 140 external service providers, all of whom had direct access to Active Directory. Consequently, the client struggled to enforce any agreed standards and conventions for object management in Active Directory.
Because there was no consistent identity management process, two major problems existed: lengthy account creation processes and idle time for affected employees.
EmpowerID Solution
Zero Trust Transformation at Scale
Phase 1: Infrastructure
Phase 1 focused on building the necessary infrastructure for future expansion and establishing an interface to the client's corporate directory. EmpowerID configured data synchronization with the corporate directory as the golden source and implemented logic to detect joiner-mover-leaver (JML) events.
- Real-time JML automation
- Day 1 access for new employees
- Customized data quality reports
Phase 2: Fine-Grained Permissions
Phase 2 introduced fine-grained permission management using EmpowerID's polyarchical RBAC combined with an ABAC authorization model, along with UI customizations and custom identity dashboards for admins and OSPs.
- Hybrid RBAC/ABAC architecture
- Automated AD updates from corporate directory
- Custom admin dashboards
Phase 3: Office 365 & ServiceNow
Phase 3 extended the solution to include O365 mailbox permissions, custom mobile usage reports, Office 365 license management with request fulfillment, and ServiceNow integration.
- O365 license management
- ServiceNow integration
- Mobile client audit reports
Key Technologies
- Zero Trust Entra application onboarding
- Real-time processing of millions of changes
- Hybrid RBAC/ABAC at unprecedented scale
Measurable Results
Award-Winning Transformation
KuppingerCole European Identity Conference 2021 Award Winner for "IAM at Scale"