Government Technology

A Tale of Two Cities: Identity and Password Management (Contributed)



St. Petersburg Florida
St. Petersburg, Fla.

September 9, 2013 By Dean Wiech

Identity and password management has been a growing trend in the areas of health care, education and business. Lately, government agencies at the local, state and federal levels have also been taking a look. Let’s look at two different large cities to learn how their leaders took successful steps to reduce the time their IT department spent on managing network user accounts.

Out of Control Passwords

The first city in our example, St. Petersburg, Fla., currently has about 3,600 full- and part-time employees. It was having immense issues with employee password reset requests. On a daily basis, the IT help desk received 10 or more requests to reset passwords to the Active Directory (AD) network and various other applications.

Departmental leaders decided on a two-phase approach to tackle the issue. They first looked for a solution to allow end users the ability to reset their own passwords to the AD network, then implemented a self-service reset password tool. The first aspect of the implementation required end users to select a series of challenge questions and provide answers to those questions. After enrollment, end users could simply click a “Forgot My Password” link on the login screen, provide the answers and reset their password accordingly. 

The second phase of the password project was to reduce the number of passwords required to access internal systems. As it stood, the average employee needed to remember eight user name/password combinations while some employees had upward of 20. Again, city leaders looked to commercially available single sign-on solutions and settled on the same vendor that provided the self-service application. 

The overall result for both phases of the project was a reduction in the amount of time IT staff spends resetting passwords to nearly zero.

New HR Application and New Directory Service

The second of the two cities in our example, Tampa, Fla., faced several daunting tasks. The rollout of a new HR/financial system required that each employee have an AD account to access the application. This situation was further exacerbated by the fact that the city was running Novell eDirectory and GroupWise for email.

After purchasing a commercially available product, the basic implementation was completed in a few days by taking an extract from the outgoing HR system, using the current employee list as the basis. After the HR/financial system implementation was completed, the IT group circled back to the identity management provider to put additional components in place.

First was an automated process to create and disable users. Every time a new hire is entered into the HR system, the AD account and Exchange mailbox are created without manual intervention. Conversely, whenever an employee is classified as terminated in the HR system, the account is automatically disabled. 

The second phase of the project was to implement a Web portal to allow employees to request access to different security and distribution groups, along with a variety of applications or specific roles within an application. When end users log into the portal with their network credentials, they are presented with a variety of options to request additional access. Once completed, the request is routed to the employee’s manager for approval and then to the IT department for final approval. 

In summary, both St. Petersburg and Tampa were able to utilize identity and password management solutions to allow their IT employees and end users to work more efficiently overall.


Dean Wiech is managing director at access management solutions software provider Tools4ever.


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers