Identity and Access Management

  • Intelligence Community | Security | Microsoft Infrastructure

Blackspoke’s National Security group provided operational support for an Intelligence Community (IC) customer’s SharePoint Farm that provided mission functions for a customer base of 400k users. This agency looked to consolidate its support efforts and reduce its operational costs by providing a singles-sign-on (SSO) solution to their web based content management system.

With a mandate to provide access to critical mission systems for over 400k users, our Intelligence Customer’s Operations staff was being inundated with trouble tickets to create standard user accounts with passwords to access the system. Blackspoke determined that this function resulted in over 300 tickets, taking up 40 staff hours per month. The solution was also not automated, and usage of the application started to drop due to the long delays involved in gaining access. Once granted access, users often forgot their passwords, which led to over 100 password reset tickets per month.

Blackspoke was tasked with the creation of an Identity and Access System containing all 400k identities in a single directory service that would be leveraged by the Web Application. The solution developed by Blackspoke also allowed the system to remain up to date automatically and, as users were de-provisioned from the system of record, this action would flow to the primary directory service. Blackspoke’s solution not only met the requirements set by the customer but also provided the ability for users to leverage their Agency-Issued PKI certificate for access. This allowed the Agency to report that the application was fully compliant with the security mandates of Executive Order EO13587.

  • 97% reduction in Helpdesk tickets related to the access of the Web Application.
  • Fully PKI enabled web application compliant with Executive Order EO13587
  • Reduction of staff hours dedicated to account provisioning from 45 hours to less than 2 per month.
  • Completely eliminated any password reset requests functions for the Agency (100% reduction)