The Dubai Department of Health and Medical Services (DOHMS) operates to global standards of excellence in healthcare. With 10,000 staff, it needed a secure identity management system to manage its estate and best serve its employees. To better control its disparate systems, the department implemented a single identity management solution using Microsoft® Identity Integration Server (MIIS) 2003—recently adopted into Microsoft Identity Lifecycle Manager 2007.

Business Needs

DOHMS is responsible for primary and tertiary healthcare services in the emirate of Dubai. It provides healthcare services to an international standard for a population of 1.4 million. Employing around 10,000 people over multiple sites, the department faced numerous challenges in managing digital identities in its heterogeneous IT environment. Its IT department needed to maintain a secure system while ensuring that new employees—whether clerical or healthcare professionals—had rapid access to e-mail, relevant IT resources, and line-of-business applications.

Ahmad Ali Al-Dashti, Head of IT Operations, DOHMS, says: “Every day we received requests for 15 to 20 new users and those resigning. Systems administrators had to spend up to 10 minutes on each one to define their department, roles, and systems access privileges. They also had to separately contact a member of human resources (HR) to find out where the new user will be located.”

But rationalising identity management with a new system was likely to be challenging. The principal technical problem lay in how to design and implement a new solution that would continuously manage the digital identities in the organisation across several core IT systems. Al Dashti says: “The existing system often failed to remove user or contractor systems access when it was no longer required.”

The need to create an auditable and repeatable process for granting and withdrawing system access was of particular concern to DOHMS because it posed potentially huge security risks if ex employees could still access the IT service after they had left the department.

Solution

In February 2007, DOHMS contracted Dubai-based Microsoft Certified Partner Inobits ME, based in South Africa, for a new identity management system. The project was completed in July 2007. At the core of the solution proposed by Inobits ME was Microsoft Identity Integration Server (MIIS) 2003, which has recently been incorporated into Microsoft Identity Lifecycle Manager 2007 (ILM 2007). ILM 2007 provides an integrated and comprehensive solution for managing the entire lifecycle of user identities and their associated credentials.

DeWet Klopper, General Manager, Inobits ME, says: “MIIS 2003 provides directory information aggregation and synchronisation as well as the ability to create and remove system account access within the DOHMS infrastructure.” To ensure integrity and authority of identity information, the solution monitors the DOHMS HR information repository, provided by the government, to get an accurate collection of authoritative information about DOHMS employees.

“When a user is added or updated in the HR system,” says Klopper, “the solution uses the information system to update the other integrated systems.” The initial deployment focused on various critical systems within DOHMS including Active Directory® services, Health Information Systems (HISs), and DataStream.

Included in the deployment were two custom developed components, the first of which was an “employee self service” application that ensures users can view and update selected personal information. “This provides a way for employees to update information not always found in HR databases, such as mobile phone numbers,” says Klopper.

Due to a requirement for human evaluation of the rules regulating the DataStream system access, an application was created to assist with the request and approval process. However, once the accounts are established within DataStream, the MIIS 2003 automatically keeps the accounts updated and enforces any changes in entitlement.

Benefits

DOHMS now has systems with consistent personal and organisational information that is updated continuously. The manual and duplicated effort of creating system accounts has also been reduced. The ability to identify and promptly revoke system access where required has already helped ease security concerns. Sina AbdulAziz Khoory, IT Director, DOHMS, says: “It is imperative for us as an IT service department to provide the best possible service to our users. MIIS 2003 helps us to more effectively serve our users and customers. Integration and automation are areas of strategic focus that help us to capitalise on existing investment while reducing manual overhead and effort.”

• Integration with the in-house HR system running on Oracle. By using a single set of data synchronised with the HR system, DOHMS now has an authoritative source to update accounts in other systems.
• Improved productivity. Previously, IT staff had to create accounts manually in three different systems, wasting between three days and two weeks a year for staff members. Now all IT needs to do is activate the account and the right information is provided automatically.
• Time savings. DOHMS managers estimate that system administrators save 10 minutes per user for 20 users every day. As a result, they can concentrate on higher value work including server maintenance and new projects.
• Standardised information. The department has consolidated ID information for its staff because identity, office log on, and telephone log on is all the same.
• Better mailbox management. DOHMS now automatically knows which mailboxes are redundant and has improved security and control over its estate.
• Mature business partnership. Inobits ME invested considerable time in understanding the issues and requirements of provisioning and decommissioning accounts.

For more information about other Microsoft customer successes, please visit: www.microsoft.com/resources/casestudies

All rights reserved. This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY

Top of page