HaasSquareLogo

Haas Automation

A Case Study for Identity & Access Management

Haas Automation, a private manufacturing firm in California, has expanded over 35 years to include more than 1500 employees and 170 distributors globally.

Products and connectors: HelloID, IAM, PSM, SSRPM, Service Automation

Despite Haas’ SAP Security Lead, Vincent Cacaro, viewing it as a smaller organization, the search for an IdM solution last year was critical. Large vendors like IBM and SAP were quickly dismissed due to concerns over timing and cost. “Their scoping activities alone would have consumed more time than we needed to implement Tool4ever’s solutions,” Cacaro noted. “Such a project would have been excessive for us. We sought a smaller company that could grasp our needs and help us scale appropriately for our size, industry, and culture. We aimed to initiate a pilot project to achieve rapid results.”

“The helpdesk manually created a password that expired after the first login. They emailed it to the user. This process wasn’t sustainable, especially this past year when the majority of our users were working from home. SSRPM, much like IAM, couldn’t have come at a better time.”

Mike Schilling, System Engineer II at Haas Automation, Inc.

Discovery

The journey began with exploring identity & access management, single sign-on, and password management. However, like many organizations, Haas quickly uncovered additional challenges. A significant one was automating the user lifecycle. The manual creation of accounts for new hires and contractors was causing friction between IT and HR. Cacaro reflected on the misalignments between the departments concerning employment statuses, start or end dates, and managerial responsibilities. Furthermore, there was no secure method for distributing usernames and passwords once accounts were created.

To address these issues, Haas opted for a phased implementation strategy, starting with quick wins to build momentum.

Getting Their Feet Wet

Ken Shannon, IT Infrastructure & Security Manager at Haas, prepared a multidisciplinary team for the project. Their Tools4ever consultant, James Anderson, initiated the process with regular meetings and a shared task list.

The project began modestly with password synchronization. Several systems within Haas’ SAP environment were not reflecting changes made to AD credentials, leading to a high volume of reset requests for SAP administrators. Anderson tackled this challenge, and with a swift implementation, Tool4ever’s Password Synchronization Manager (PSM) began capturing and synchronizing all AD credential changes across SAP systems, saving time immediately.

Not All Fun and Games

With PSM operational, attention turned to user directory provisioning through IAM, Tools4ever’s on-premises solution. However, the first step was cleaning fragmented HR data from years of growth and process evolution. This “garbage in, garbage out” problem required a deep dive into SAP personnel data, updating records and refining department structures. This foundational work ensured that IAM could accurately provision employees across various positions.

Pause for Password Reset

With all employees now provisioned from SAP to AD, Tools4ever’s Self-Service Reset Password Manager (SSRPM) was introduced. This solution provided a web portal for password resets accessible to all employees, regardless of location or device, even those without a designated workstation.

Easier Onboarding? There’s Logic for That

Developing account provisioning logic for key systems like Exchange and SAP was next. Exchange setup was straightforward, with rules established for mailbox assignments. SAP required more complex connector logic within IAM, tailored to the varying access needs of employees.

Pause for Principle of Least Privilege

An internal access audit was conducted to map departmental access to file shares accurately, laying the groundwork for a company-wide access governance model. This ensured role-dependent access and addressed resource accumulation and permission creep.

Last Step – Single Sign-On

The final phase involved implementing Single Sign-On (SSO) through Tools4ever’s HelloID Access Management module, simplifying access to various applications and enabling conditional access policies for seamless authentication.

Results

Haas Automation has seen significant efficiencies in IT and HR processes, with automated user lifecycle management reducing the opportunities for security vulnerabilities. The project’s success was facilitated by excellent communication and the responsive nature of the team.

“We eliminated manual data entry. Spreadsheets, post-it notes, memories. . .” Cacaro said. “The onboarding/offboarding process is now roughly 25% of what it used to be, with the added advantage of accuracy.”

Reflecting on the project, the Haas team appreciates the reduced workload and increased focus on end-user support. The unusual events of 2020 underscored the value of IAM in managing user administration efficiently.