In 2013, the group launched a major initiative to gain control of and streamline Identity and Access Management (IAM). After two years of intensive mapping of systems, access rights, and system ownership—combined with automation across several areas—the group established a robust and secure IAM solution. The solution is continually refined and made more resilient, and it still runs on IdentityStream’s platform.

From manual work to automation

For SpareBank 1 Sør-Norge ASA, the work began with a thorough mapping exercise.

“At that time, we had around 1,200 employees with access rights to several hundred systems. The service desk first mapped every system we used. Then we identified everyone who had access to those systems. The third step was to assign a system owner to each system. Finally, we identified which systems would benefit from automated provisioning—and how we could migrate existing access rights to the new platform,” says Erlend Moen, Team Lead, Platform & Applications.

IAM is a framework of policies and technologies that ensures the right users have the right access to technology resources. When SpareBank 1 Sør-Norge began digitizing access control, they used Excel and a Notes database to keep track of all roles, systems, and access rights. At the time, as many as 20,000 access requests per year were routed to a single person who had to handle all access changes manually.

“We went through two employees in that role before we switched to IdentityStream. After the new solution was launched, employees were more motivated, they had time freed up to do more advanced work, and they stayed longer in the role. One of the team members has been working on this for nine years now,” says Moen.

When the new platform went live, the benefits were immediate. The bank significantly reduced unnecessary access rights, lowered the risk of inadvertent errors for both the company and employees, and achieved a meaningful reduction in licensing costs.

“It was night and day. We gained full control, the automation worked as intended, and the joiner–mover–leaver (JML) processes were handled properly by the system. With all the additional modules, it has become a critical part of our enterprise management platform,” says Moen.

Green light at audits

Banking and finance is among the most heavily regulated industries, and it has also become increasingly digital over the past 15 years. Banks issue loans, manage capital, and handle highly sensitive information about both individuals and businesses. This is where Identity and Access Management (IAM) becomes essential. Not every employee should have access to all data about all customers. Loan disbursements must be approved by two employees, and so on.

IdentityStream CEO Tore Olav Kristiansen has followed the project at SpareBank 1 Sør-Norge from day one—so he knows the banking industry and the IAM platform well.

“One of the biggest challenges in banking and finance is that laws and regulatory requirements are constantly changing. At the same time, there are many distinct functions, and each function should have its own access rights. This combination requires a flexible system that can be updated quickly to meet new requirements,” says Kristiansen.

Seamless and invisible delivers satisfied users

A well-implemented IAM solution is largely invisible. Over the years, IdentityStream has worked to integrate the platform with as many standard banking applications as possible. This enables employees at SpareBank 1 Sør-Norge to use the systems they need—without having to think about how access is provisioned, just in time, through an automated IAM solution.

The bank’s IT and service desk teams, however, are very aware of the benefits of IdentityStream’s software. In conversations with other organizations in the industry, they find that flexible solutions like theirs are in short supply.

Moen and the rest of the team also saw that they could expand the IAM platform with additional modules from IdentityStream. Among other things, IT and HR became active requesters, and the bank’s solution was extended with an incident register, an anti-money laundering (AML) solution, improved internal request workflows, change risk management, and IdentityStream’s flexible forms solution.

From limited visibility to full control

“One of the best things about the solution is its reporting. I use it all the time—for example, to compile lists when HR needs to know who works at which offices, or to get an overview of which employees have which mobile subscriptions. We’ve also heard that IdentityStream is working on dashboard capabilities, and we’re looking forward to that,” says Moen.

But the cloud is the future, he adds.

“Going forward, we’ll collaborate with IdentityStream on Microsoft 365 and Lifecycle Manager. Among other things, we’ll look at the lifecycle of Teams sites to ensure they don’t live forever, as well as how we should handle guest users in our internal organization. Microsoft’s tooling is still too limited today,” says Moen.

Always moving forward

Through its early investment in a small, growing company, the bank has helped build local expertise and support Norwegian jobs in an otherwise international field.

A high degree of mutual trust and collaboration characterizes the relationship between IdentityStream and SpareBank 1 Sør-Norge.

“IdentityStream has been with us throughout this project. They’re highly specialized in their field and know access management very well. They help us think clearly, and when we propose solutions, they have the competence to challenge us—which we really appreciate,” says Moen.

The collaboration has lasted more than twelve years, and Kristiansen is very pleased with a customer that continuously pushes them forward.

“The collaboration has been invaluable for us. Moen and his team have always wanted to expand the use of our platform; they are solution-oriented and challenge us technologically. In my experience, they stay very up to date on the technology landscape that affects them. Through the trust we’ve built, we also stay more current on technology changes. We wouldn’t be where we are today without the collaboration with SpareBank 1 Sør-Norge,” says Kristiansen.