We are very happy to have participated in an ambitious identity and access management project for Barcelona de Serveis Municipals (B:SM), a project that places them at the forefront in terms of security, specifically in the areas of information protection, identity management and access control.
Barcelona de Serveis Municipals (B:SM) is a company of the Barcelona City Council in charge of providing municipal services. The activities it manages include aspects related to mobility and the management of facilities dedicated to culture, leisure and biodiversity.
It is an entity that handles a high volume of sensitive information and needed to protect it efficiently, complying with the new GDPR (General Data Protection Regulation) and ENS (National Security Scheme), which are mandatory for public administrations and companies. In addition, it required a solution for the precise and automated management of everything related to user administration, from provisioning and synchronization to identity consistency and authentication processes, in order to avoid identity theft.
“B:SM needed a solution to delegate, manage, automate and secure access to Active Directory (AD) and ADFS (Active Directory Federation Services) among various administrator groups. Also, do it in a segmented way, with change control, protecting sensitive or critical data, and ensuring that corporate policies are effectively complied with”.
We have offered the answer to these needs in the field of identity and access management with Soffid.
THE SOLUTION WE PROVIDE FROM SOFFID
In March 2020, the on-premise deployment of Soffid began, which has allowed them to develop centralized management and orchestration of their identity and access management policies. With a maximum level of security, Soffid provides a single convergent tool from which it is possible to carry out automated management of users and accesses in their Active Directory, their Exchange mail server (which is in the process of migration to Azure) and Office 365 as a productivity environment. It also integrates with their HR management system, Meta4.
This is a very significant advance with respect to the starting situation, in which both the registration of users in Meta4 and the access management were carried out semi-automatically (in Active Directory and Exchange) or totally manually (in the case of applications).
Now, Soffid allows automated registration based on profiles. When a new user is created, access to their email account is automatically generated and their personal folder is also created. This folder is shared on the network so that it is accessible from any point, by activating a specific Windows feature (Distributed File System or DFS). This is a crucial aspect in mobility and telework situations. In addition, the user is also granted access permissions to the corresponding applications according to their profile and regardless of their domain.
This last point is important for the management of users and accesses of employees of companies in which B:SM has a stake, such as the Tibidabo Amusement Park (PATSA). This initiative, which reaches 1,200 B:SM employees, has not only simplified and streamlined the processes related to user and access management (additions, deletions and modifications), but also raises access guarantees to a maximum level of security and governance, since everything is registered and audited in Soffid.
THE ROLE OF THE EMPLOYEE
One of the aspects that has been key in both projects has been to ensure the role that people play, even in the phases prior to implementation. Advances such as the use of Soffid’s role-mining function are contemplated in these possible phases. Based on the accesses that users in a certain position have, this function creates an algorithm to define, automatically and intelligently, the permissions associated with that specific role.
On the other hand, and in order to gain agility and increase the level of user involvement in security, the implementation of a self-service portal is being considered.
This would allow them to self-manage their passwords or incorporate a strong two-factor authentication system, whether via token, SMS, etc. The use of Soffid as a single sign-on solution is also being evaluated, which would allow B:SM to extend Microsoft’s federated authentication to other environments and applications.