Identity Governance and Compliance Automation
Picking up and Remodeling
One of the first things I dove into when I started at Morningstar was learning about Identity Governance through Sailpoint IdentityIQ. There had been some failed integrations made by a contractor and since I had familiarity with the base language it was programmed in, I volunteered to learn the system.Shortly after studying it, I was able to identify several major issues with the contractor's code that would actually impact management through Active Directory. I modified the workflows to correct the errors and issues. I then started investigating ways to address fundamental problems in our environment since our instance of the application was undersized. Many workflows were now running in much better O(n) time. I was able to complete automation for several life cycle events working around integration issues with our HR system, which was the authoritative source.
Doing all the Things
Finally, I started working on further integration and data normalization with propagation in concert with our HR department and Enterprise team. This allowed me to recreate a system for alerting owners of service accounts of policy violations regarding password age, among other things. It also created digests of accounts that were flagged for our compliance team to more closely watch and keep stricter adherence to.This also permitted me to make other quality of life and exployee experience enhancements such as universal phone number formatting for replication across multiple systems; dynamic email signatures based on location information; preauthorizing requesting certain entitlements prior to start; immediate group membership changes based on HR department data for compliance purposes; and using Active Directory as the authoritative source for certain attributes instead of a singular source which is the current out of the box functionality.