Case Study: Enterprise Identity and Governance Design

Case Study: Enterprise Identity and Governance Design

Watch the video to deepen your understanding.

Subscribe

Complete the full lesson to earn 25 points

Work through each section, then tap “Mark as Complete” on the last one.

Section 1 of 3

✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro

Lesson: Case Study - Enterprise Identity and Governance Design

Introduction: The "Why" of Identity Governance

In modern enterprise architecture, identity is the new perimeter. As organizations migrate to hybrid-cloud environments, the complexity of managing who has access to what, and why, grows exponentially.

Identity Governance and Administration (IGA) ensures that the right people have the right access to the right resources at the right time. A robust design prevents privilege creep, satisfies regulatory compliance (like GDPR, HIPAA, or SOX), and minimizes the attack surface. This lesson explores a real-world scenario where an enterprise transitions from manual, fragmented identity management to an automated, policy-driven governance framework.


The Case Study: GlobalCorp’s Digital Transformation

Scenario: GlobalCorp, a multinational retail firm, has 50,000 employees and relies on a mix of on-premises Active Directory (AD) and Azure Active Directory (Entra ID). They are suffering from "access bloat"—employees retain permissions from roles they vacated three years ago—and IT tickets for access requests take an average of five days to process.

Phase 1: Centralized Identity Strategy

GlobalCorp decides to implement a Zero Trust model. They shift from a "trusted network" approach to an identity-centric approach.

Practical Example: Implementing Lifecycle Management Instead of manually creating accounts, GlobalCorp integrates their HR Information System (HRIS), like Workday, with their Identity Provider (IdP).

  • Joiner: When HR adds a new employee, a SCIM (System for Cross-domain Identity Management) event triggers account provisioning.
  • Mover: If an employee changes departments, the system automatically triggers a "de-provision" of old access and an "auto-provision" of new access based on the new role.
  • Leaver: Immediate termination of all tokens and access upon HR status change.

Phase 2: Role-Based Access Control (RBAC) vs. Attribute-Based (ABAC)

GlobalCorp moves away from assigning permissions to individual users. Instead, they implement Role-Based Access Control (RBAC) coupled with Attribute-Based Access Control (ABAC) for granular security.

  • RBAC Example: A user in the "Finance" role gets access to the Finance SharePoint site.
  • ABAC Example: A user in the "Finance" role can only access the Finance SharePoint site if they are connecting from a managed device and during business hours.

Section 1 of 3
PrevNext