Identity & Access Management System for Corte dei Conti
The information system of the Court of Auditors consists of a complex IT infrastructure, based on numerous heterogeneous components, used daily by a few thousand users located at the Court's offices distributed throughout the national territory. Over the years the development of the information system has not always been uniform, leading to a decentralized information system composed of numerous applications intended for many small user classes, strongly differentiated according to their institutional tasks.
This created a need for rationalization and automation of the process that guides the "life cycle" of the credentials and authorizations assigned to users of the corporate information system.
In partnership with Sistemi Informativi S.p.A., CODIN took part in the project to build the IT infrastructure for identity management in the Court of Auditors information system and for access control to applications, for a user base of around 4,000 employees and external collaborators.
The goal of the project is to identify and define a solution, in terms of architecture, technology, procedures and best practices, capable of guaranteeing the control and management of access to the applications and data of the Corte dei Conti Information System.
The solution identified provides the following features:
- life cycle management of system users (creation, modification, suspension, revocation, transfer of organizational unit);
- acquisition of users' personal data from external information sources (Trusted Source);
- management of access credentials, authorization profiles and roles assigned to system users, necessary to access external IT systems, integrated with the IDM platform;
- access management for authentication and access authorization;
- management of users and policies for access to intranet web resources.
The solution integrates several external systems, such as:
- SIAP (Personnel Administration Information System);
- SISP (Public Prosecutors Information System);
- SIQUEL (Information System for Local Authorities Questionnaires);
- SIRTEL (Telematic Reporting Information System);
- Network and Group users directory (Active Directory) and Oracle Internet Directory (OID).
The Identity and Access Management platform was built with Oracle products (Oracle Identity Manager, Access Manager, Directory Server and Oracle Generic Technology connector), custom connectors written in Java and ad hoc Web Services.
As part of the project, CODIN took care of the following services:
- analysis of the technical and organizational context;
- design and implementation of a system prototype;
- analysis, design and implementation of the high-reliability IAM system;
- integration with external systems: SIAP, SISP, SIQUEL, SIRTEL, Active Directory and OID.
The project delivered the following benefits:
- unified consoles that are simple and straightforward to use, for the centralized management of identities and access authorizations;
- integration with Federated Identity systems;
- management of the integrity, quality and availability of data in compliance with the processes and policies of the organization, while simultaneously protecting the data from unauthorized access.