Improved Identity Governance at Møller Mobility Group
Administrator accounts are often an attractive target for cyberattacks due to their elevated privileges, and therefore require strong control and governance. Møller Mobility Group decided to collaborate with Cloudworks to implement an effective and secure solution for Identity Governance and Administration (IGA) within the organization's established Microsoft Entra ID environment.
The leading automotive group in Norway and the Baltics
With over 4,000 employees and more than 1.5 million cars sold, Møller Mobility Group is the leading automotive group in Norway and the Baltics. Today, more than 750,000 customers are served by 70 dealerships across five countries. The company was founded in 1936 by Harald Aars Møller and is still owned by the Møller family.
The importance of strong governance of administrator accounts
Like many large organizations, Møller Mobility Group manages a complex network of accounts and users, all with varying levels of access and privileges. Among these are administrator accounts with elevated privileges, which allow users to make critical changes that can impact the entire organization.
Due to their elevated privileges, administrator accounts are often a prime target for cyberattacks, necessitating strong control and governance.
Manual and time-consuming processes
The organization has always ensured that administrator rights are kept separate from regular user accounts in accordance with best practices. However, these processes have been characterized by manual operations, which are both time-consuming and inefficient.
Therefore, a secure and efficient solution was needed to manage both the onboarding and offboarding of administrator accounts, ensuring proper provisioning when employees are assigned new roles and secure deactivation when they leave the organization.
To address this challenge, Møller Mobility Group chose to collaborate with Cloudworks to implement a comprehensive Identity Governance and Administration (IGA) solution within their established Microsoft Entra ID environment.
Effective governance of accounts with elevated privileges
Automated Lifecycle Management
With Microsoft Entra ID Governance, Cloudworks has implemented automated lifecycle management for administrator accounts. The new system allows users to request an administrator account, where the user’s information is automatically linked to the new account. This ensures that no administrator accounts exist without an associated user.
The system also continuously checks for orphaned administrator accounts linked to inactive user accounts.
Automated lifecycle management ensures that no administrator accounts are orphaned and left active, which could make them vulnerable to attacks.
Custom extensions
Cloudworks developed tailored extensions for the organization. These enable users to set up customized administrator accounts to handle specific tasks, all interconnected with the primary user account. For example, a user can have several linked administrator accounts, each designed for distinct responsibilities. When the primary account is deactivated, all linked administrator accounts will also automatically be deactivated.
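The orphan check and the cascading deactivation described above can be illustrated with a short added example, which is not Cloudworks' or Møller Mobility Group's code. It runs over a constructed account export, and the `owner_upn` link field, the account names and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:
    upn: str
    enabled: bool
    is_admin: bool = False
    owner_upn: Optional[str] = None  # hypothetical link to the primary account

def audit_admin_accounts(accounts):
    """Return {admin_upn: reason} for enabled admin accounts that are orphaned."""
    primaries = {a.upn.lower(): a for a in accounts if not a.is_admin}
    findings = {}
    for acct in accounts:
        if not acct.is_admin or not acct.enabled:
            continue  # only active admin accounts are a risk
        if not acct.owner_upn:
            findings[acct.upn] = "no linked primary account"
            continue
        owner = primaries.get(acct.owner_upn.lower())
        if owner is None:
            findings[acct.upn] = "linked primary account not found"
        elif not owner.enabled:
            findings[acct.upn] = "linked primary account is disabled"
    return findings

def cascade_disable(accounts, primary_upn):
    """Disable a primary account and all admin accounts linked to it."""
    target, changed = primary_upn.lower(), []
    for acct in accounts:
        linked = acct.is_admin and (acct.owner_upn or "").lower() == target
        if (acct.upn.lower() == target or linked) and acct.enabled:
            acct.enabled = False
            changed.append(acct.upn)
    return changed

def sample_directory():
    """Constructed sample export; none of these accounts are real."""
    return [
        Account("kari@example.test", True),
        Account("ola@example.test", False),
        Account("adm-kari-azure@example.test", True, True, "kari@example.test"),
        Account("adm-kari-sql@example.test", True, True, "Kari@example.test"),
        Account("adm-ola@example.test", True, True, "ola@example.test"),
        Account("adm-legacy@example.test", True, True, None),
        Account("adm-gone@example.test", True, True, "per@example.test"),
        Account("adm-old@example.test", False, True, "ola@example.test"),
    ]

if __name__ == "__main__":
    for upn, reason in audit_admin_accounts(sample_directory()).items():
        print(f"{upn}: {reason}")
```

Running the audit on a schedule and alerting on any non-empty result gives a detective control that backs up the automated deactivation.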
Access packages with specific access rights
The access packages allow administrator accounts to request specific access rights through an approval flow. The request is automatically forwarded to department managers or system owners who must approve it before the rights are granted. This ensures that an administrator account only has the necessary rights—no more, no less.
Control and auditing of administrator account access
Privileged Identity Management (PIM) from Microsoft Entra ID adds an extra layer of security. The implementation of PIM makes it possible to control and audit all access for administrator accounts, ensuring that rights are only activated and granted when needed.
Review of existing accounts and secure authentication protocols
The IGA project has been implemented gradually over a two-year period. This ensures a smooth transition, minimizes disruptions, and allows everyone to adapt to the new system.
A thorough review of existing accounts kicked off the project, and inactive and unnecessary privileges were cleaned up. During the first year, the foundation for the project was laid with the implementation of PIM and more secure authentication protocols. This included the implementation of multi-factor authentication (MFA) and the integration of Windows Hello for Business, resulting in a more efficient and user-friendly login process using biometrics.
Close collaboration
With the launch of Microsoft Entra ID Governance in the following year, work began on automating lifecycle management of the accounts. Tailored extensions automated the handling and deactivation of administrator accounts.
There was close collaboration with the various departments within Møller Mobility Group to customize access packages for specific roles.
A seamless transition with gradual onboarding
An important phase of the process was the gradual onboarding of the different teams. Through targeted training, everyone became familiar with the new processes for requesting rights.
Most users did not view it as a significant change, as they were already accustomed to using separate accounts for administrative purposes. Their existing admin accounts were seamlessly linked with their main user accounts, integrating them into the new IGA system without disruption. It was a top priority to ensure that this transition to the new solution was as smooth as possible.
The final months were dedicated to fully implementing the solution, with the new IGA processes being integrated into existing systems in close collaboration with the organization’s teams.
Future-proofing
A key outcome of the two-year project is that the solution is flexible and easy to adapt, allowing it to scale and evolve as needs change. This provides Møller Mobility Group with a more robust and resilient IAM environment that can grow alongside the organization.