SUCCESS STORY
BEIERSDORF SHARED SERVICES GMBH
Transparency & security in authorization management through clear review processes
The constantly increasing internal and external requirements are raising the complexity of Identity & Access Management (IAM) in companies. The assignment and verification of employees’ rights is becoming increasingly complicated and subject to error due to the rising number of digital identities without tool-based governance processes. Frequent changes in employees’ task areas or departments particularly carry the risk of deficient or inadequate control over the new and remaining entitlement assignments.
To address this challenge in a forward-looking way and to increase the degree of automation, Beiersdorf Shared Services GmbH (BSS) has introduced event-driven recertifications of employee entitlements and responsibilities for Microsoft Active Directory (AD) groups with the help of NEXIS Controle (since 2021: NEXIS 4). This means that even if employees change their role, a simple process guarantees that they have the correct set of rights immediately.

Beiersdorf Shared Services GmbH has been a wholly owned subsidiary of Beiersdorf since 2003 and is represented around the world by over 340 employees. As Beiersdorf's strong partner for IT and accounting worldwide, its aim is to provide optimum support for Beiersdorf's business. This involves providing highly efficient accounting and IT services from a single source, from traditional accounting to sophisticated infrastructure solutions, application management, and strategic consulting.
PROJECT GOAL: EVENT-RELATED RECERTIFICATION
Beiersdorf Shared Services GmbH would like to have employees’ assigned entitlements and responsibilities subjected to event-related recertification.
If an employee changes department, for example, after a transition period they should lose the entitlements that are no longer required for them to perform their new role.
What is important to us is to be able to remove entitlements through clearly defined recertification processes if there is no longer a basis for them.
- Thomas Kresalek, Beiersdorf Shared Services
SOLUTION: COMPACT & LONG-TERM
The IAM system which is already being operated successfully at BSS was to be supplemented by the desired functions but not fundamentally changed.
Here, particular store was set on an implementation that was compact, long-term, and highly automated. As a leading technology tool in the fields of analysis, visual (re-)modeling of entitlement structures, and implementation of governance processes, NEXIS Controle can fulfill the existing requirements to the greatest possible extent with its standard functionality. In contrast to extending the IAM system in another way by customizing it or developing an in-house add-in solution, using NEXIS Controle therefore proved to be the most lightweight and sustainable option. To achieve the goal of configuration and implementation as quickly and efficiently as possible, the consulting expertise and best-practice experience of Nexis GmbH were also incorporated in the project in a matter of days.
In close cooperation, BSS and Nexis GmbH designed workflows in NEXIS Controle that perform the following controls in the context of approval workflows:
- If an employee changes to another department, NEXIS Controle should be used to perform an automated recertification process for the employee’s current AD groups, using a mask that has been specially configured for the task.
- If someone responsible for an AD group changes to another department, their superior to date should use the workflows in NEXIS Controle to check whether the responsibilities are allowed to continue or whether they need to be transferred to another employee.
DESIGN: AUTOMATION THROUGH WORKFLOWS
TECHNICAL APPLICATION: MULTI-LEVEL APPROVAL PROCESSES
If employees change posts, the IAM system triggers an API call in NEXIS Controle via a standardized REST connection. This activates two separate workflows to recertify the specific employee's AD group responsibilities and AD group assignments. Multi-level approval processes are configured in the NEXIS Controle workflow engine at the customer's request, including optional escalation processes. Here, it was particularly important to BSS to configure the user interface for task processing by departments. So that these departments could carry out their recertification as intuitively as possible, the configuration of the UI was fine-tuned in the context of an iterative process, and evaluated in the NEXIS Controle test environment before going live.