Digitisation is driving new developments in the retail market that enable employees to work better, faster and easier. However, they often need (additional) access and rights to applications in your company’s IT environment – and that, of course, raises security issues. Especially as the digital identities of franchisees’ employees are external identities, which is why organisations need to exercise extra caution when granting them access and rights. Moreover, separate rules apply to externals’ data. This blog discusses how retailers and franchisees can prevent risk and improve their control of external identities.
Maintaining control of external identities
There are certain risks involved in not being in firm control of the lifecycle of your external identities. For example, if access isn’t revoked at the end of the work period, you run the risk of accounts and access rights remaining open – even after the external employee has stopped working in your store. This can create security risks that you can easily avoid by setting up the onboarding and offboarding processes properly, for example.
What can also happen is that an external employee won’t have access on the first day of work because the processes for assigning access and rights to the digital (external) identity are insufficiently aligned with the onboarding process. As a result, new external employees can face inconvenient delays while getting starting in their new job. This can lose you time and money and should therefore be resolved at all costs.
Sometimes, external employees are given too much access. Simply because someone wanted to make sure a colleague had easy access and therefore granted more authorisation than necessary.
Why do things go wrong?
The retail market is finding it increasingly difficult to implement a robust strategy for external identities. The reason is simple: the process of onboarding external employees into the organisation isn’t aligned with the company’s standard HR processes. More and more organisations are now discovering this and realising that it delays the onboarding process and drives up costs.
In addition, offboarding isn’t always carried out securely because there aren’t always triggers in the process that revoke the external identity’s access and rights. There should be a periodic access check to ensure that you have control over who can (still) access your data.
Case: External identities at the Jumbo supermarket chain
Jumbo has been around since 1921 and is now one of the largest supermarket chains in the Netherlands with more than 700 stores. Of these stores, 50% are managed in-house and 50% are owned by franchisees.
The employees of a franchise store aren’t employed by Jumbo but are contracted by the franchisee. Therefore, Jumbo views them as external identities, because these external employees need access to specific applications in the IT landscape. And, just like Jumbo’s internal employees, they need a digital identity to do so – for example, to use the employee app. Jumbo uses this app to enhance their employees’ connection with the brand. Employees can install the app on their smartphone and use it to communicate with each other in the stores, contact the service centre and access details about the various products.
The identity data of internal employees has always been managed in Jumbo’s HR system. Based on this identity data and via an automated connection, digital identities are created in the IAM solution. Access and rights for Jumbo’s IT landscape for these digital identities are also issued and controlled in the IAM solution.
Because the identity data of external employees aren’t in the HR system, these employees can’t access the applications in the Jumbo IT landscape via the IAM solution.
To solve this problem, the Franchise Portal was created, a new source system that franchisees can use to add the employees working in their franchise store. The identity data is then sent to Jumbo’s IAM solution. Therefore, they’re treated in exactly the same way in the system as internal Jumbo employees and also have access to all of the benefits in Jumbo’s employee app, for example.
How does ID Veritas help?
iD Veritas enables you to carry out the onboarding and offboarding processes for external employees in an efficient, safe and controlled way. You are in firm control of the entire lifecycle of external identities. You can achieve this in 5 steps:
- First set up all external identities in iD Veritas. Manually enter them, upload a CSV overview or connect to your supplier’s database (via an API).
- You or your supplier can then use iD Veritas to manage the lifecycle status of the external identities. Changes are automatically relayed to your IAM solution, which revokes or modifies access and rights.
- Now connect iD Veritas to your IAM solution. iD Veritas can be connected to any Identity and Access Management solution on the market. iD Veritas uses open standards (such as an API) to send and receive information to and from your IAM solution.
- You have the option of outsourcing the data management of the external identities to your resourcing partners. This allows you to delegate administrative activities such as the entry, modification and deletion of external identities. All your organisation has to do after that is validate the information that was entered. Easy and efficient!
- You retain control and oversight. The recertification process and the extensive reporting possibilities not only put you firmly in control but enable you to demonstrate it as well. This makes it a lot easier to comply with laws and regulations.
If you would like to learn more about managing external identities with iD Veritas, please contact us at 088-9982020 or firstname.lastname@example.org. We look forward to hearing from you!