Global Retailer Uses eControl to Enhance Novell Identity Manager Implementation
"Prior to installing eControl, we had to assign supervisor Trustee Rights to over 20 staff members to allow them to manage Novell GroupWise, eDirectory and our file systems. With over 70,000 user accounts in our identity management vault and 3,000 users in our production tree, having that number of people with supervisor rights was a significant security and audit challenge."
A leading global retailer has deployed eControl to enhance its Novell Identity Manager implementation. This retailer's distribution network covers all major world markets, including both wholesale and retail sectors. The company enjoys one of the largest and most efficient networks in its industry, with approximately 5,500 stores worldwide.
The retailer uses PeopleSoft and Novell Identity Manager to provision and synchronise accounts for approximately 70,000 users in 130 countries connected to servers running Novell NetWare, GroupWise, OES, Windows, Linux and other operating systems.
They added eControl to their system to decrease the number of accounts with supervisor rights on their systems, to improve security and regulatory compliance, to deliver a complete audit log of all user account changes in Novell GroupWise and eDirectory, to manage extended eDirectory schema values and to enable junior administrators to perform a restricted set of user management tasks from a browser.
eControl fulfills these requirements without having to assign service desk operators and non-technical staff ANY Trustee Rights in eDirectory, GroupWise and the file system.
"Prior to installing eControl, we had to assign supervisor Trustee Rights to over 20 staff members to allow them to manage Novell GroupWise, eDirectory and our file systems. With over 70,000 user accounts in our identity management vault and 3,000 users in our production tree, having that number of people with supervisor rights was a significant security and audit challenge," said a spokesperson for the retailer.
"We needed a solution that would allow us to eliminate these excessive rights, generate comprehensive audit logs of user account management changes, and manage our extended eDirectory schema values. As a 24 x 7 global retailer, the solution needed to be robust and flexibile enough to reflect our specific enterprise requirements."
"With high turn-over in support staff, we needed a solution that would be easy to use and that would empower non-technical people to carry out user account management tasks securely with minimal training."
The retailer implemented Omni eControl as the ideal complement to their Novell Identity Manager deployment because it delivered:
- Web-based, "ZERO Rights" solution: eControl allows junior administrators and service desk operators to perform a delegated, restricted set of user account management tasks – resetting passwords, managing GroupWise distribution lists, managing extended schema values, releasing intruder lockout and others – without ANY rights in Novell GroupWise, eDirectory or the file system. eControl users usually require fewer than 15 minutes of training to master eControl's intuitive web-based interface.
- Improved security and regulatory compliance: eControl allows you to completely lock down your security environment. eControl users require NO Trustee Assignments, NO permissions, NO access to the file system, NO System Access Rights and NO access to ConsoleOne, NWAdmin or iManager. Disabling and expiring accounts can be securely delegated to HR personnel or junior support staff. Administrators can enforce strong password policies and reduce the risk of regulatory exposure and security liability.
- Complete archivable audit log: eControl's complete audit trail enables administrators to track and report on all account changes.
- Extended schema value management: eControl's configurable XML-driven interface provides complete flexibility to allow administrators to efficiently add fields or otherwise modify existing forms. This allows delegated staff to view and/or manage extended schema values that are populated from PeopleSoft into eDirectory by Novell's Identity Manager.
- Complement to Novell Identity Manager: As changes are made in eControl, Novell Identity Manager synchronises the changes across the retailer's multiple systems.
"We received an immediate return on our eControl investement. We went from having over 20 administrators with various levels of supervisor Trustee Assignments in eDirectory, GroupWise and the file system to only two," said the company spokesperson.
"eControl has profoundly changed the way we manage our systems. eControl allows us to revise our account management processes to better reflect our business needs. We can now securely delegate account management tasks to non-technical staff without any security concerns. We can now generate audit logs of all user account management changes and provide granular user change reports."
"The initial installation took under two hours to complete. The technical support team at Omni was outstanding. Given the complexity of our systems, there were a number of modifications that were required. The Omni development team responded immediately to our enhancement requests. I can't speak highly enough about our satisfaction with the eControl team."
"With eControl, administrators now use a single, easy-to-use, web-based tool, rather than a combination of ConsoleOne, NWAdmin and iManager. There are now only two senior administrators who have supervisor rights anywhere in our system. I am very pleased with the flexibility that eControl provided to allow us to customise the interface and task assignments to meet our specific needs. Our eControl deployment has received enthusiastic support and appreciation from our senior management, audit and security departments and service desk staff."
"We highly recommend eControl as an ideal complement to Novell Identity Manager. eControl has helped our company deliver on its enterprise network mandate and management needs."