Success Stories

Technical University of Darmstadt: Manage users effectively

Written by Uwe Eisinger | November 17, 2016

Work more productively and securely: Supported by IBsolution, the Technical University of Darmstadt (TU Darmstadt) has introduced a cross-system user administration. A risk matrix ensures the separation of functions for authorizations.

 

   

“We wanted to create a lean, comprehensive user administration and operate it independently together with a compliance solution. IBsolution supported us in this and gave us comprehensive advice, so that we are now standing on our own two feet.”

Eleonore Braun, Project Manager, Technical University of Darmstadt

 

 

As an internationally oriented university, the Technical University of Darmstadt enjoys a high reputation – even beyond the borders of the country. In Germany, it has always ranked among the very best universities in terms of research and teaching. But with more than 4,200 employees, the administrative workload of 21,000 students is constantly increasing – a challenge for the information systems.

Exchanging data quickly and securely

The University Computing Center plans and operates the central information and communications infrastructure. Here, several teams control the systems for science and administration. In addition, the SAP Technology Team of the University Computing Center is part of the SAP Competence Center of Hessian Universities (CCHU). With several thousand users, a uniform user ID is essential at a large university.

Until now, the University Computing Center has managed users via different system landscapes. This resulted in complex and sometimes time-consuming processes. File-based data exchange between SAP ERP Human Capital Management (HCM) and NetIQ eDirectory (formerly Novell eDirectory) was cumbersome. “Our solution was simply inefficient and outdated,” says deputy project manager Silke Kubelka. The goal was to easily and effectively manage employees across all systems. The solution: SAP Identity Management (IdM).

Fast workflows, efficient reporting

For the project, the Technical University of Darmstadt chose IT service provider IBsolution as its implementation partner. “IBsolution quickly won us over with its extensive know-how and many years of expert knowledge in the area of SAP Identity Management,” says Eleonore Braun, project manager at the Technical University of Darmstadt and the SAP CCHU Technology Team. The Heilbronn-based consulting company worked with the university’s computing center staff to introduce automated, cross-platform user management. The project team linked SAP IdM with NetIQ eDirectory to create a consistent database.

Everything under control in a short time

Despite the tight schedule, the SAP Special Expertise Partner and the SAP Technology Team succeeded in getting the first version ready for launch within just two months. By the time of go-live, the project team had further improved the system connection, simplified workflows and made reporting more efficient. Preconfigured processes and best-practice functions facilitated the launch during ongoing operations, and IBsolution was able to implement the individual needs of the University Computing Center without any major programming effort. In addition, the consultants extended the solution to include SAP BusinessObjects applications. For reporting, the University Computing Center uses SAP Crystal Reports, which gives it a secure overview of all authorizations and user data.

Designing processes securely

Even before going live, IBsolution conducted extensive workshops at the University Computing Center. “We can now operate the solution ourselves without any problems – thanks to training that was perfectly tailored to us and the accompanying coaching from IBsolution,” says Eleonore Braun. As a result, the employees of the University Computing Center were able to work with the new software quickly – and the investment in SAP IdM had paid off in no time.

SAP Identity Management can also enrich user profiles with additional personal data from NetIQ eDirectory. Thanks to a simplified workflow, each new employee immediately receives his or her access data. Further access is requested directly by the departments without paper forms and approved by the supervisors. If, on the other hand, an employee leaves, the user account is automatically deactivated. All processes are documented in an audit-proof manner.

Check for risks and separation of functions

Even at universities, it is becoming increasingly important to comply with legal requirements against economic crime and data protection mishaps. The same applies to the design of audit-proof processes. To this end, the Technical University of Darmstadt relies on Compliant Identity Management. To this end, the project team introduced SAP BusinessObjects Access Control and integrated it into SAP IdM. This puts the university on the safe side: Together with the key users, the University Computing Center can more easily check the authorizations of the SAP systems for functional separation and potential risks.

Correcting role conflicts automatically

The system uses a predefined risk matrix to prevent critical authorization combinations among users. SAP IdM checks all new user IDs in SAP Access Control directly for the defined separation of functions – and does so as soon as they are assigned. If there are no risks, authorization is granted. With SAP Access Control, potential role conflicts can be automatically identified and immediately corrected. In this way, the Technical University of Darmstadt can relax in the face of future legal requirements.

 

   

“Together with IBsolution, we have established a new infrastructure that fits our needs exactly. Even complex data transfers and risk assessments now run as if from a single source.”

Silke Kubelka, Deputy Project Manager, Technical University of Darmstadt

 

Photo: Thomas Ott/Technical University of Darmstadt