Henkel KGaA

Identity Management Enables Global Manufacturer to Streamline IT Processes , Manage Provisioning Remotely

Henkel KGaA is a Fortune Global 500 company headquartered in Düsseldorf, Germany. Henkel operates in three strategic business areas - Home Care; Personal Care; and Adhesives, Sealants and Surface Treatment. The company employs about 51,000 people, 80 percent of whom work outside of Germany, and markets its products in 125 countries.

Customer Challenges

Protect internal company data
Implement a cross-system identity management solution
Control provisioning to existing applications such as SAP, Active Directory, and Lotus Notes while providing remote access

Solution

Sun Java System Identity Manager controls provisioning to key existing applications. With a Web-based front end, the solution provides new workflow and self-service functions as well as remote access. Over the next two years, all IT access authorizations for the Henkel Group's global workforce will be integrated into the Identity Manager system.

Business Results

Central identity management system for all IT access authorizations for global workforce based on open standards, which reduces administrative costs through increased security and extended functions
A flexible, future-proof standard tool that could also be operated by other trained and authorized employees in the event of personnel bottlenecks
Auditing conformity based on recording all amendments in log files

Products and Services

Sun Java System Identity Manager

Story Details

Who's who, what can they access, and what can they do once they have access? These may seem like simple questions. But today, organizations realize the potential damage that could result from unauthorized people abusing internal company data. Controlling access to a business' information systems requires a complex system of rules. Depending on company size, observing these rules requires a lot of time on the part of administrators -- which translates into high costs.

The Henkel Group, with a portfolio that includes U.S.-based Dial Corporation as well as many well-known European brands, decided it was time to strengthen the organization's security by implementing a new identity management system.

" I am very pleased with Sun Identity Manager. It will enable Henkel to administer all IT accounts within our globally utilized applications and help us comply with heightened security requirements. "

— Joachim Dahl , Manager Server and Directory Services, Henkel KGaA

The company's mainframe-based system that was used for administering employee identities was developed in the early 1990s. Since then, Henkel's mainframes were replaced by client-server systems. It would have taken three to five man-years to adapt the company's identity tool for use in a client-server architecture. Opting for such a solution might have met the technical requirements, but the result would have been a proprietary system that would present ongoing personnel issues. The company decided to seek a solution based on open standards.

"Our aim was to implement a central identity management system with global access," says Roland Stahl, Directory Services system engineer. "We also needed to be able to use new functionalities not included in our previous system, such as workflow and self-service functions."

In addition to the technical aspects, a primary consideration for Henkel when evaluating identity management systems was total compliance with legislative and commercial requirements, ensuring a high level of auditing conformity. Following a market survey that lasted more than a year, it was apparent to the company that the Sun Java System Identity Manager was the only system to meet all the stipulated requirements.

The key implementation data speaks for itself: Based on current plans, approximately 35,000 of Henkel's total workforce of 50,000 will be allocated a profile in Identity Manager, which will be remotely administered in the central system. So far, the applications that have been completed include:

SAP systems with Enterprise Resource Planning (ERP) applications for the administration of central business processes
Lotus Notes for e-mail communication
Active Directory as a directory service for administering user and group codes and workstation computers file and print services.

Once the project is completed, a total of twelve applications will be accessible via Identity Manager.

The software's flexibility allowed it to be quickly integrated into individual processes within the company. After just nine months, access procedures for 15,000 Henkel employees were already being handled using the new identity system, which runs on two Linux servers.

"The amount of time required was minimal for such an extensive project," Stahl notes. This was largely due to the fact that employee information was already available in a meta-directory that Henkel had recently implemented.

It took just two weeks for Stahl and another programming department employee to become familiar with the Identity Manager software. The fact that the software solution uses agentless connectors reduced project costs and saved time.

All necessary identity management functions -- setting up, administering, monitoring, and deleting access authorizations -- are now carried out via the Web front-end of Identity Manager. Although administrators in Henkel's international offices administer the employee accounts locally, the actual processing and data maintenance takes place in Henkel's German headquarters. Rather than using a separate tool for each IT system, as was the case previously, administrators now have to operate only a single console, optimizing their own work processes because of the solution's workflow and self-service functions.

"Sun Java System Identity Manager has met all our requirements," says Joachim Dahl, Henkel's manager of server and directory services. "This project represents a major step toward improving our data protection."