Šumperk Hospital a.s. is a general hospital providing extensive inpatient and outpatient care. With nearly 2,000 employees and almost 200 external partners and students, the hospital operates in a complex environment where accurate and timely permission settings are critical for both security and operational continuity.
The challenge
The hospital’s HR system was not integrated with Microsoft Active Directory (AD), as identity and user account management was handled largely manually. This resulted in several issues:
- user account administration was complicated and time-consuming;
- AD accounts were created, updated, and disabled manually based on email or paper requests;
- requests for new system permissions were processed through an internal HelpDesk, slowing down operations;
- manual changes were slow to implement and prone to human error;
- due to the risk of errors, accounts and access rights had to be reviewed manually at regular intervals.
The solution
To address all of these challenges, we deployed an IDM solution that serves as an integration layer between the HR system and Active Directory. The system manages access through:
- daily synchronization of data from the Vema Cloud HR system;
- automated account creation, updates, and deactivation in AD;
- permission management in target systems through AD groups;
- a dedicated UI for access requests and approvals;
- self-service password reset with SMS code verification;
- a complete audit trail of all relevant operations and changes.
Key solution features:
- If an individual has multiple employment contracts, they are managed as a single identity.
- The IDM manages employees, contractors, as well as students.
- Access rights can be tied to specific employment contracts or to a defined time period.
- Approvers can assign delegates to act on their behalf during absences.
- When a user’s name changes, the system prepares a new username and delays activation by 7 days, while notifying the user in advance so they can prepare for the change.
- The system provides reports on user access, compliance, approved access requests, and application/role owners. Furthermore, it sends daily event summaries and monitors the HR system for any changes.
The benefits
- Reduced error rates and IT workload through automated identity lifecycle management. Changes in HR data are reflected in AD, and when a contract ends, the system immediately revokes all associated permissions.
- Enhanced control and security, and easier audit through clear and fully auditable entitlement management. For every access right, it is possible to demonstrate exactly who requested it, who approved it, which contract it relates to, and its duration.
- Less pressure on IT support thanks to a self-service portal. Users can handle routine tasks themselves, meaning IT no longer needs to manually process every access change or password reset.
The deployment of the IDM system at Šumperk Hospital demonstrates how automated identity management can fundamentally simplify IT operations while boosting security and auditability. By integrating the HR system directly to Active Directory, the hospital has minimised manual intervention, accelerated access management, and prepared the organisation for evolving legislative requirements.
“The implementation of IDM has brought significant time savings for our IT team, reduced error rates, and provided a clear audit trail for managing the lifecycle of users and their access rights. We also appreciate the constructive cooperation with the Orchitech team and their fast response to urgent situations.”
— Josef Loupanec, Head of IT, Šumperk Hospital a.s.
The IDM system was procured through a public tender as part of project CZ.06.01.01/00/22_003/0000038 – “Podpora kybernetické bezpečnosti pro Nemocnici Šumperk a.s.ˮ and this project was funded by the EU.
