Customer Insights

This case study examines the enterprise Identity Management implementation undertaken at the Queensland Department of Education and Training in partnership with UNIFY Solutions. This study is the second in the series which provides an insight into the execution of the Identity Management implementation plan to achieve the Target Architecture discussed in the 1st case study on strategy and building the compelling business case.

To achieve great things, two things are needed; a plan and not quite enough time.

Leonard Bernstein
Executing a multi-year strategy requires a sustained effort and strong partnerships between the business, the IT branch, strategic partners and vendors.

As a result of the long term, productive partnership between UNIFY Solutions and the Department of Education and Training; teachers, students and staff now have 24 x 7 online access to the information and applications needed to support teaching and learning in the 21st Century.

The future challenge and opportunity for the Department is to evolve the IDM platform to meet the increasing demand for access to digital services anywhere, anytime, on any device. Having a trusted strategic partner providing independent advice, certified IDM specialists and trainers, ensures the Department is in a strong position to meet these challenges and opportunities now and into the future.

Develop a synchronisation matrix linking related Identity Management projects with other core initiatives with linked dependencies

A critical input into the Synchronisation Matrix was the IDM implementation sequence of components and deployment schedule phased across multiple years in consultation with key business units. The introduction of effective, streamlined security and authentication processes in order to provide secure, simplified access to information and services as envisaged by the ‘Smart Classrooms’ strategy in 2005 was realised in 2009.

Sequence and schedule any multiyear phased work plan in consultation with key impacted business areas.

Each of these major initiatives created either an upstream or a downstream dependency on the identity and/or access management components of the IDM system. To document, track and de-conflict these dependencies, an eBusiness Program Office was established in the Office of the CIO to provide governance and coordinated oversight of these initiatives. Two key outputs of the eBusiness Office were a high level roadmap and planner for schools and business units and a detailed Synchronisations Matrix which mapped each dependency, assigned owners and held quarterly forums of Senior Responsible Owners to provide updates and mitigate impacts of schedule changes.

Be prepared to use tactical responses to bridge critical requirements during deployment.

Each school had access to view their data only and the tool was refreshed overnight which enabled schools and the data quality team to check progress. Schools were scheduled and if needed rescheduled depending the quality of their user identity data. Full achievement of the Identity Target Architecture was a four-year journey for the Department during which time there were a number of business critical applications deployed including a new centralised school administration system, major HR system upgrades, SAP Finance integration, eLearning systems, etc.

Develop a readiness program to improve data integrity using a dedicated team with user and technical support reps.

To meet this challenge and ensure the readiness of schools and business units prior to the rollout of IDM, a dedicated data quality team was established to support schools to address data errors prior to the deployment.

As a tactical response to assist schools in lifting the data quality, a web based tool was built to provide schools with a view of all local users and key identity attributes. The tool marked and colour coded any data errors, duplicates and other identity issues which then alerted the local Identity champions to correct in the school management system.

Establish an Identity Management Project Office to ensure alignment internally within the Department and externally with central agencies

An IDM Project Office was established in partnership with UNIFY Solutions to ensure alignment with Department and Queensland Government Enterprise Architecture (QGEA) Policies. The key roles and responsibilities of the IDM Project Office were to:

IDM Project Office

  • Define and document the IDM business rules, policies, dependencies, and governance.
  • Deploy a provisioning capability to support all Staff and Students within the new Managed Operating Environment (MOE) being rolled out to all 1300 schools.
  • Develop an Access Management Framework to support business critical applications including a departmental intranet, enterprise email and internet access and eLearning systems which were then used as a mandatory business requirement for the subsequent tender process.
  • Procurement of an Identity and Access Management solution in alignment with the IDM Strategy; including a deployment and support model.
  • Integration of key Primary Systems including HR, and the school management system(s).
  • Ongoing integration of systems based on business priorities.

A significant challenge to the implementation was the lack of a single authoritative source for users and the required identity attributes with a further complication being the quality of data in multiple repositories and directories resulting in high numbers of duplicate identities and key attribute errors.

Chunk the Identity Management Target Architecture into phases based on business priorities and achievability

In order to execute the IDM implementation plan, the Department established the ICT Support Services for Schools (ISSS) Program to lead the implementation of an enterprise platform. The ISSS Program acted as a Program Delivery Office (PDO) and was responsible for the coordinated delivery to every school and business unit, the following:

  • Development and deployment of a new Managed Operating Environment across the entire fleet of 200,000+ workstations, 2000+ servers, 12000+ network switches and routers
  • Establishment of a central IT Service Centre
  • Network bandwidth maximisation
  • Identity Management

The first three initiatives were essential precursors to the IDM implementation. The PDO acted as a scheduling authority and conducted detailed forward planning to ensure sufficient lead time for readiness activities and the availability of specialist resources at the point of implementation which occurred in sequence at each of the 1300+ locations.

Establish links with the Program Delivery Office or equivalent to ensure coordinated delivery of IDM and interrelated / dependent IT initiatives
Map the current ‘as Is’ environment in detail to establish a base line and track and manage progress towards the ‘to be’ Target Architecture

In response to this complex, distributed, unmanaged environment, a future state IDM system was defined as an integrated system of business processes, policies, and technologies that would enable teachers, students and staff access to departmental applications and resources — while protecting confidential personal and business information from unauthorised access.
The system would provide user registration, streamlined security and authentication processes, access rights and restrictions, account profiles, passwords, and other attributes required to support a ‘single student record’ and provide students, teachers, staff and eventually parents a secure, simplified access to information and services appropriate to their role.

Define Identity Management in the context of the organisation

UNIFY Solutions were appointed as the primary Identity Management Strategic Partner in 2006 following the release of a tender and establishment of EDPSA -132 - Identity Management Specialists.

Share this content:
Visit Us