One of our most important tasks was to automate all the processes that we could. With Active Roles, this has been a great success.
Falkenberg chose One Identity Active Roles to enable efficient management of user accounts, groups and directories in Active Directory. The IT team deployed Active Roles on premises to maintain full control, using the HR system as the data source of record.
Today, Active Roles helps municipality managers administrate identities and privileges for all employees and 6,000 public school students in separate instances of Active Directory. Torbjörn Larsson, CIO of Falkenberg Municipality, says, “Active Roles allows incremental deployment one department at a time and lets you test any changes before implementing them, giving you visibility of who did what in the system. Those are excellent features.”
Falkenberg managers quickly adopted Active Roles, which is localized into Swedish, and found the solution to be highly efficient. “Secure portals give even non-technical managers full control of user roles and privileges,” Larsson says. “Active Roles runs by itself, which gives me more time in my day.”
Automations with Active Roles are invaluable for efficient user management in Falkenberg. Active Roles integrates bi-directionally with the Swedish tax authority’s system to automatically exchange employee status updates. “One of our most important tasks was to automate all the processes that we could,” says Larsson. “With Active Roles, this has been a great success.”
Automated workflows were especially helpful during the pandemic, when in-person meetings were impossible. “Streamlining onboarding, provisioning and deprovisioning of users were some of our largest undertakings with Active Roles, and they worked very smoothly,” Larsson adds.
Student account management is also simpler with Active Roles automations. General Data Protection Regulation (GDPR) integrity laws prohibit the storage of personal data, requiring student data to be removed at the end of their studies. Larsson explains, “We can easily assign students to security groups, connect them to teachers, transition their settings across school years and close their accounts when they graduate.”
Active Roles and One Identity Safeguard will reflect the municipality’s security policies and comply with GDPR provisions. “Every user is a security risk, even if their access level is low,” Larsson explains. “One Identity Active Roles and Safeguard will help us maintain our Zero Trust approach to identity management, including monitoring contractors and vendors who have access to our systems.”
Larsson often shares insights on user and access management with his peers in KommITS, an organization of Swedish public sector IT managers. “First they think Active Roles is just an add-on to Active Directory,” he notes. “But when we show them how secure and usable it is, and how easily they can deploy it to other managers and departments, they see its value.”