Manual identity management: slow and difficult to control
Zábřeh Municipal Office had been dealing with complex and time-consuming user account management. Every account creation or change required manual intervention and coordination between the IT and HR departments, and it was not easy to keep track of who had access to what. There was also no way for employees or managers to request or approve access themselves.
Employees and external users often faced delays in getting the right permissions, while in other cases access rights remained assigned even after the engagement had ended. Everything was handled manually, using spreadsheets and email. This approach led to inconsistencies and potential security risks.
“It took up a great deal of our time, and it was not easy to verify whether everyone really had only the permissions they needed.“
— Veronika Kašparová, Head of the IT Department at Zábřeh Municipal Office.
The new solution: automated, secure, and intuitive
The office launched a public procurement process for an IDM solution because it needed the key capabilities IDM provides — above all, simpler provisioning and deprovisioning of user accounts. Put simply, the goal was to make sure the right people had access to the right resources at the right time.
“By implementing Orchitech’s Wren:IDM, we gained an automated system that efficiently synchronizes user accounts across our key systems. Thanks to integrations with JIP/KAAS, E-spis, and other systems — including systems that are still managed manually — we were able to unify access management and significantly simplify onboarding and employee changes. The workflows and user self-service we introduced enabled fast, transparent approval of requests, improving both security and operational efficiency. The deployed solution fully met the office’s requirements and expectations. The system is clear and intuitive — it really could not be any simpler for users!”
— Veronika Kašparová, Head of the IT Department at Zábřeh Municipal Office.
From the first steps to a successful rollout
The office’s IT department and the Orchitech team worked closely together from the very beginning.
“Orchitech has extensive experience in identity and access management, and our cooperation with them was professional and consistently delivered at a very high expert level.“
— Veronika Kašparová, Head of the IT Department at Zábřeh Municipal Office.
During the preparation phase, it became clear that the role structure in the HR system did not match the original access matrices. We therefore had to use the actual state of assigned permissions in the production environment as the baseline.
Many of the systems had no test environments, so part of the solution validation had to be carried out in production. Several rounds of dry-run testing ensured that the system was fully ready before go-live.
Another issue was that one of the systems returned invalid HTTP responses, which had to be escalated with the vendor. Situations like this are among the main risks to IDM project timelines, as delays can occur whenever a third-party provider does not cooperate promptly.
What the IDM deployment delivered
The newly deployed IDM solution now covers the full identity lifecycle — from the moment HR enters a new employee into the HR system to account blocking when employment ends.
“The project’s main benefit has definitely been the shorter time needed to provision new users, together with the ability to assign and manage access rights easily based on user roles. This reduces the workload on the IT department and increases user satisfaction.”
— Veronika Kašparová, Head of the IT Department at Zábřeh Municipal Office.
The new system:
- automates changes in user administration and access rights,
- provides clear, auditable HR, approval, and system workflows,
- offers a single interface for user self-service,
- eliminates manual errors such as incorrect or duplicate entries,
- simplifies auditing and reporting for identities and their access rights.
“Over the past year, working with Orchitech has been the best experience we have had across all our projects. We appreciated their responsive communication, willingness to find solutions, and the depth of expertise in their well-coordinated team“
— IT Department members at Zábřeh Municipal Office.
