KPN delivers telecommunication- and ICT-services and offers consumers fixed and mobile telephone, internet and television. For business clients KPN delivers complete telecommunication- and ICT-solutions. KPN offers worldwide wholesale-networkservices to other operators.

Getronics is an ICT-services company. Previously, the company was also known as Getronics PinkRoccade. In 2007, Getronics was acquired by the telecommunication concern KPN.

Project description

For the management of their internal users, KPN/Getronics planned an implementation of Oracle Identity Manager. For the definition of the architecture and the technical implementation, KPN/Getronics opted for a cooperation with Cronos/IS4U and Oracle Consulting.

Task description Cronos/IS4U

Reconciliation Framework

Oracle Consulting focussed on ‘indirect provisioning’ functionality and the role model, Cronos/IS4U focussed on delivering a framework for synchronising the users and departements of KPN and Getronics. As KPN and Getronics have separate HR systems available, and given the fact that future plans involve coupling other daughters of KPN, the generic character of the solution needed to be guaranteed.  The developed framework consists of a module for analysing, processing and archiving delivered source files as well as out of the box and custom developed connectors for Oracle Identity Manager. This way, the framework is able to process the deliverd source files containing HR information for KPN and the organisational structure of KPN. The same was done for source files containing HR and organisational information for Getronics.

The delivered framework also works as a translation layer for ETL-information comming from CA/Eurekify Role & Compliance Manager and Oracle Identity Manager. This data is used for reporting on user accounts in target systems not actively coupled with Oracle Identity Management.

Generic configuration of Oracle Identity Manager

Next to the framework, Cronos/IS4U wasresponsible for the design and configuration of Oracle Identity Manager in a way that future modules can easily be coupkled without the need to rework (or at least only have minimal need for rework) existing functionalities.

Provisioning of target systems

There was already a custom developed user interface available for Identity & Access Management, the ‘IAM Portal’, in place at KPN/Getronics.  KPN opted to reuse this existing interface. The aim of integrating this presentation layer is with Oracle Identity Manager is to provision user- and organisational structure tables of this portal using Oracle Identity Manager. To achieve this, out of the box as well as custom developed connectors were used by Cronos/IS4U.

Processing of authorisation-requests

All requests for assigning or revoking authorisations are handled by the IAM portal. The actual processing of these requests needs to be performed by Oracle Identity Manager (OIM). For the communication between the IAM Portal and Oracle Identity Manager KPN/Getronics opted for an intermediate table in the database. The requests injected by the IAM Portal are being periodically handled by the developed ‘Scheduled Tasks’ and trasformed into requests in OIM. The further processing of these requests was developed by Oracle Consulting. After handeling the request in OIM, an API, developed by Cronos/IS4U was called to inject feedback on the processing into the intermediate table in the database. This way, requestors can be given appropriate feedback on their requests in the IAM portal.

Our Partners