Vangent, a provider of IT and consulting services, wanted to streamline the process of giving new employees accounts and access to the groups and resources that they needed. This issue was particularly important given the company’s large number of seasonal workers in its many call centers. Vangent worked with Zeva—a Microsoft Gold Certified Partner—to implement identity management solutions built on Microsoft Identity Lifecycle Manager 2007 and Microsoft Forefront Identity Manager 2010. Vangent now saves up to 30 minutes per employee for initial provisioning, and employees can use self-service functionality to manage groups. Rather than waiting up to two weeks to be productive, new employees are able to go to work immediately, which improves service to Vangent customers and saves the company millions of dollars each year in lost productivity.
Vangent serves government, commercial, education, and healthcare organizations, providing them with information management and business process solutions. The company’s mission is to design, build, and operate mission-driven solutions that ensure its customers’ success by combining the right people, technology, and knowledge.
Vangent operates a number of business process outsourcing programs, which follow a cycle of demand during the course of a year. As a result, the company has to manage a high volume of employee hiring, job transitions, contract changes, and other employee transactions. For instance, in the last three months of each calendar year, Vangent must hire several thousand employees in just a few weeks to meet customer demands.
The employee transactions meant a series of steps for the Vangent IT department, which had to ensure that employees received email accounts, were assigned to the proper user groups, received access to the appropriate company resources, and so on. “Before a new employee could get to work, our human resources employees had to fill out paper forms, get them approved, and fax them to the help desk, which in turn had to find out which rights to assign to which individuals and groups and then manually set up each account,” says Asif Mahmud, Vice President of Enterprise Systems at Vangent.
The company wanted to automate the employee provisioning process, so it purchased a tool set that supposedly would work with the company’s PeopleSoft human resources (HR) system to help it achieve its desired level of integrated automation. However, after nine months of trying to make the solution work, Vangent had to abandon the effort. “We knew it was a disaster when we reached our annual spike in demand and had a backlog of 3,000 employee-related help-desk tickets,” recalls Mahmud.
Provisioning not only placed a heavy burden on the company’s IT staff, it also caused a significant lapse between the time that new employees were hired and when they could begin to do their jobs. “One of the worst aspects of the on-boarding lag time was seeing new employees unable to get to work and generate revenue for the company because they could not yet access the tools they needed,” says John George, Senior Vice President and Chief Information Officer at Vangent. The process could take up to two weeks for a new employee to be fully functional within the Vangent environment.
Lag time existed on the other end of the employment life cycle too, and having an ex-employee’s accounts remain active following termination posed certain security risks. “To give you an idea of the challenge we faced, when we took a hard look at our Active Directory Domain Services system, we saw that it included 14,000 user accounts,” says George. “But at that time, we only had about 4,300 employees.” The company needed to automate the process for closing the accounts of employees whose contracts had expired.
Vangent also wanted to improve its process for assigning agent identification numbers (IDs) to call-center employees. When Vangent hired a new call-center employee, that person was manually assigned an agent ID that was based on the employee’s particular skill set and the Vangent customer or set of customers that the employee was most qualified to help. But the manual process left room for mistakes, duplicate IDs, and calls sent to the wrong agent.
“We wanted to streamline the whole provisioning/agent ID process and link in our voice system so that employees have everything they need to serve our customers, right from the first day that they walk in,” says Mahmud.
Vangent saw additional opportunities for automation in the realm of group management. The company uses groups to manage security when it comes to accessing services in the Vangent network and also to manage the sharing of information through distribution groups. Vangent wanted to make it possible for designated business owners to use an automated system to create groups, add employees and contract workers to the groups, remove them from the groups, and delete groups as necessary.
“Of the approximately 6,000 calls our help desk received per month, 70 percent had to do with user groups and passwords,” says George. “We wanted to reduce those calls by empowering employees to serve themselves.” Vangent aims to establish automated self-service capabilities to the greatest extent possible throughout the company. Giving appropriate employees the ability to manage groups themselves fits well within that initiative.
In 2008, Vangent decided to invest in Microsoft technologies to support its push for increased identity-management automation. The company chose to work with Zeva, a Microsoft Gold Certified Partner that specializes in meeting the identity needs of enterprise organizations.
Vangent and Zeva started by using Microsoft Identity Lifecycle Manager 2007 to automate the provisioning and deprovisioning process and to assign agent IDs. After its nine-month experience in trying to use a competitive product, Vangent was pleasantly surprised by how quickly Zeva was able to develop and deploy the solution. “We’ve found that Zeva has an outstanding breadth of IT knowledge and depth of understanding when it comes to our specific business issues and where we’re headed as a company,” says George. “And, using Microsoft Identity Lifecycle Manager 2007, we had a solution that handled everything we wanted it to within about three weeks.”
The solution bases agent IDs on specific rules and regulations, such as those required by the company’s government agency customers. The solution links to both Active Directory Domain Services and Microsoft SQL Server 2008 Service Pack 1 data management software to track IDs and avoid ID duplication.
Vangent quickly put its solution to the test when the United States federal government launched the Car Allowance Rebate System, also known as “Cash for Clunkers,” and needed call-center support to process the enormous number of rebate applications from the nation’s car dealers.
“We won the job because the federal decision makers saw that Vangent could ramp up incredibly quickly and thoroughly satisfy the program’s demands,” says George. “In fact, we were able to hire 3,000 workers over the course of just one weekend and have them ready to work immediately. We didn’t even feel the pinch that that sort of spike in hiring previously caused. Plus, after we completed the project, we were easily able to scale back quickly and efficiently until the next surge in demand.”
Implementing the solution gave Vangent the opportunity to tighten up the window of time between an employee’s departure and the removal of that employee’s accounts from the Vangent environment. “We implemented automation so that as soon as employees leave, those accounts are flagged as inactive in the HR system and, if they’re not reactivated, they are automatically removed from the system after 30 days,” notes Mahmud.
Upgrading for More Comprehensive Capabilities
Successfully automating its provisioning process was a step in the right direction, but Vangent was not finished yet. “We identified some manual processes that generate a high number of help-desk calls and set out to make them more efficient,” says George. “By implementing a cost-effective solution that targets and reduces a large percentage of our calls, we can not only shrink our help-desk costs but also increase our employees’ job satisfaction and productivity because they’ll be empowered to quickly address their own needs.”
In March 2010, Zeva recommended that Vangent take advantage of Microsoft Forefront Identity Manager 2010 in conjunction with Active Directory Domain Services and the Windows Server 2008 R2 operating system. “Vangent asked us for a group management solution that helped control who should be part of which groups based on a set of business rules,” explains Issam Andoni, President of Zeva. “We knew that we could provide the kind of business-driven self-service functionality that Vangent was looking for by using Microsoft Forefront Identity Manager 2010.”
For the short term, Zeva left the original automated provisioning solution up and running on Identity Lifecycle Manager 2007 and built a separate, parallel environment for group management using Forefront Identity Manager 2010. Vangent is making the most of out-of-the-box Forefront Identity Manager 2010 functionality, such as query-based group membership for different internal organizations, and extending the solution where necessary to fill in any gaps and meet business needs.
“We’ve been going through the process of identifying all existing groups to determine which are used actively, and deciding which to disable in an effort to remove unnecessary groups and data from our environment,” says Mahmud. “It is important to us that we have the ability to move groups over gradually so that we can ensure that only valid groups end up in the system. With Forefront Identity Manager 2010, we’ve been able to take that controlled, phased approach to group management.”
With its new group management solution in place, Vangent’s business owners can now submit group-related requests through a self-service portal that is based on Forefront Identity Manager 2010 functionality. Requests are made through a portal and handled according to business policy, in which some groups are created directly and others require approval through an automated workflow process. Business owners also can add and remove users from groups as employees change jobs and responsibilities.
In October 2010, Vangent and Zeva consolidated the two identity management solutions, upgrading the Identity Lifecycle Manager 2007–based provisioning solution to Forefront Identity Manager 2010 and then dismantling the previous system for more straightforward management.
Planning for Future Functionality
Vangent and Zeva also are collaborating to formulate a road map for future identity management functionality. “Eventually, Vangent will make use of the full spectrum of Forefront Identity Manager features to achieve its range of business objectives,” says Andoni.
For example, Vangent hopes to automate the process for creating email and other accounts for its large number of temporary contract workers. “Vangent would like to implement a self-service contractor portal that employees could use to request that contractor accounts be created and automatically linked to the right workflow processes, business processes, and business values,” says Andoni.
Although Vangent still has plenty of identity management–related plans on the horizon, the company already sees increased employee productivity, enhanced security, greater agility, and cost savings from its use of Forefront Identity Manager 2010.
Increased Employee Productivity and Satisfaction
Vangent is delivering on its promise of greater efficiency for employees because they no longer need to wait up to two weeks for the help desk to get what they need. “Giving employees—and, ultimately, contractors—fast, appropriate access to the necessary applications, groups, distribution lists, locations, security controls, and email makes a positive difference for overall productivity and satisfaction,” says George. As of October 2010, the company’s total call volume had dropped from 6,000 calls a month to just 3,500. Of those, only 40 percent were related to user groups and passwords, down from 70 percent.
Continues George, “We’re achieving our goals of providing instant user gratification. We’re using Forefront Identity Manager 2010 to help us empower our employees to be agile and do what they could never do before, all of which ultimately enhances our service to our customers.”
Improved Agility and Better Customer Service
New employees no longer need to wait for access to the right groups and applications—they can be productive right away. Being able to provide that immediate level of service makes it possible for Vangent to improve its service to customers because the company has the agility to add or re-provision employees in response to customer needs, as demonstrated by the company’s successful performance on Cash for Clunkers, in which Vangent acted quickly to support the needs of its government customer.
“We couldn’t have delivered that kind of speed and service if we had not streamlined our employee provisioning process using Microsoft technologies,” recalls Mahmud. “All we have to do now is add new employees to our HR system and the rest requires zero involvement from IT. The information automatically flows from there to our other systems via Forefront Identity Manager 2010. We can provision employees with the appropriate resources, agent IDs, and so on, with no more confusion as to who’s working on which program or should receive which customer calls. We’re definitely making a positive impact on our customer service by automating as many components as possible.”
Enhanced Security and Compliance
Just as the ability to quickly provision new employees helps the company, the ability to close employee accounts in an organized, timely manner helps Vangent safeguard its environment. The company does not have to worry about departed employees gaining access to files and company information when they should no longer have that access. Vangent also can keep its systems clean and avoid storing unnecessary data in email, file shares, and elsewhere. “We’ve both enhanced our level of security and reduced our storage costs by more than 20 percent through implementing the Microsoft identity management solution,” says Mahmud.
Vangent also has found that having Forefront Identity Manager 2010 in place makes it easier to prepare for audits and comply with regulations, such as the Sarbanes-Oxley Act of 2002. “We undergo both internal and external audits each year, and now that our environment contains clean, current accounts, those audits are a non-event for us,” says Mahmud.
Significant Cost Reductions
Although hard costs are difficult to measure, Vangent knows that adopting a Microsoft identity management solution saves the company money from both IT and user standpoints.
“When dealing with as many as 30,000 employee transactions, going from an average of 20 to 30 minutes for each account to handling things immediately, really adds up quickly. Handling those transactions automatically saves us a couple million dollars in IT staff efficiency and employee productivity,” says Mahmud. “Now that we’ve integrated our HR, Active Directory, voice, and other systems—with data automatically delivered by Forefront Identity Manager 2010—and now that our business owners have the ability to manage group memberships, we save a lot of IT resources. We’re no longer manually maintaining distribution lists, security groups, access to applications, and so on.”
Adds George, “In making these identity-management improvements, we removed a negative impact of millions of dollars that had stemmed from employees forced to sit and wait, unable to get to work and generate revenue. That’s a tremendous cost savings.”
Microsoft Infrastructure Optimization
With infrastructure optimization, you can build a secure, well-managed, and dynamic core IT infrastructure that can reduce overall IT costs, make better use of resources, and become a strategic asset for the business. The Infrastructure Optimization model—with basic, standardized, rationalized, and dynamic levels—was developed by Microsoft using industry best practices and Microsoft’s own experiences with enterprise customers. The Infrastructure Optimization model provides a maturity framework that is flexible and easily used as a benchmark for technical capability and business value.
For more information about Microsoft infrastructure optimization, go to:
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Zeva products and services, call (703) 582-8399 or visit the website at:
For more information about Vangent products and services, call (800) 359-1440 or visit the website at: