Hello! In today’s “Voice of the Partner” blog, Chris Gregory, VP Operations and Channel Development at Saviynt explains how Saviynt identity governance solutions complement Azure Active Directory (Azure AD) and Microsoft 365 to help organizations simplify identity management and comply with data privacy regulations. Our two companies are currently involved in a multi-year engagement with Walgreens to help unify operations after a recent merger. Chris provides great insight into how we’ve helped the pharmacy consolidate identity and access management across its global enterprise.
Enabling digital transformation for a global enterprise
By Chris Gregory, VP Operations and Channel Development, Saviynt
In today’s business environment, protecting data and consumer privacy can be complex. Enterprises support remote workers, contractors, partners, and customers who access resources across multiple cloud services. It’s important that each of these users can access only the data required for a task—and nothing more. This requires strong access management and identity governance.
Saviynt’s partnership with Microsoft allows us to offer customers a comprehensive access management and identity governance solution through a single pane of glass. Our mutual customer, Walgreens Boots Alliance, provides a great example of how, together, we help customers solve complex compliance and governance challenges.
Protecting consumer privacy in a global enterprise
Walgreens, the second-largest pharmacy store chain in the United States, operates 9,277 stores domestically. Recently, the company purchased Swiss-based Alliance Boots to expand its global retail reach, forming a new entity, Walgreens Boots Alliance (WBA). The entire user community includes 65,000 corporate users and 248,000 field workers in stores and distribution centers.
The purchase of Alliance Boots requires WBA to comply with the European Union Global Data Privacy Regulation (GDPR). Under GDPR, companies with EU customers must make sure that their systems and processes for handling data are designed with privacy in mind. They need to monitor and detect breaches, control access to data, and regularly audit user access, among other requirements. Before we engaged with WBA, the company managed many of these processes manually, which was time consuming and put them at risk of noncompliance.
Unifying operations and identity management
Merging two companies also means integrating different tools, processes, and teams. Walgreens and Alliance Boots each had their own apps and user groups, so as a first step toward unifying operations, WBA signed a strategic agreement with Microsoft for development of a community healthcare platform for in-store, standalone, and online clinical endpoints. Since WBA embraces Microsoft Cloud Solutions, it required that identity management and governance be native to the Microsoft solution and provide a single organization-wide dashboard. They also needed a solution that would help them rapidly onboard apps.
As part of a two-phase project, WBA will consolidate identity management and governance with Azure Active Directory (Azure AD) and Saviynt. Phase 1 focused on Europe, the Middle East, and Africa (EMEA). To help WBA verify identities that access its systems, Azure AD authenticates and authorizes users. Capabilities like multi-factor authentication (MFA) reduce the risk that a compromised account can successfully sign in. Machine learning algorithms help identify and respond to risky sign-ins based on policies that WBA defines. For example, Azure AD can force a user who may be compromised to reset their password. WBA also uses Conditional Access policies to limit and block access based on a variety of risk factors. Many of these processes can be automated, freeing up security operations to focus on the most critical issues.
Simplifying compliance requirements with identity governance
At an organization as large as WBA, people frequently transition in and out of the company or into different roles and groups within the organization. It’s important that with each role change, users quickly get access to the tools they need and lose access to the ones they don’t. This is especially true for privileged users who are authorized to handle customer information. Previously, WBA managed the provisioning and deprovisioning of accounts manually, but our solution has allowed them to automate much of this process.
Saviynt’s identity governance and privileged access management capabilities complement Azure AD identity governance with fine-grained entitlement management across apps. This allows WBA to define access based on conditions in addition to role. Artificial intelligence and machine learning technologies surface actionable access data to help administrators make smart approval decisions. And they can dig into access details across identities and apps to facilitate investigations and audits. Separation of Duties (SOD) allows WBA to split a complex financial-related task between more than one person in compliance with the Sarbanes-Oxley Act of 2002 (SOX).
Phase 1 was completed in 90 days. We are currently engaged in phase 2, which will replace a legacy on-premises identity management product implementation in the United States and integrate over 200 apps with Azure AD and Saviynt for authentication and identity governance.
WBA represents just one example of how Azure AD and Saviynt work together to help companies digitally transform, while protecting consumer privacy.
Learn more about Microsoft identity:
Share product suggestions on the Azure Feedback Forum