Standardising Active Directory and Automating Access Across a Multi-Brand Hotel Group

Standardising Active Directory and Automating Access Across a Multi-Brand Hotel Group

Using structured data and automation to standardise identity management and ensure consistent access control across multiple countries, brands, and locations.

Hospitality sector. Client details have been anonymised, but the scenario reflects a real engagement.

Snapshot

• Industry: Hospitality
• Organisation size: Approximately 4,500 users
• Environment: Active Directory, Microsoft 365, SQL database
• Challenge: Inconsistent directory structures and complex, manual access management
• Solution: Attribute-driven automation with dynamic group assignment using Adaxes
• Outcome: Standardised identity model with fully automated, data-driven access control

The Situation

The organisation operated across multiple countries and brands, each with its own variation of Active Directory structure and user configuration.

This led to inconsistencies in how users were created and managed. At the same time, access control relied on a highly granular group model, with thousands of security groups tied to combinations of country, job title, role, hotel, and brand.

Managing this manually had become increasingly difficult and error-prone.

The Challenge

• Inconsistent Active Directory structures across regions and brands
• Highly complex group membership model with thousands of security groups
• Manual assignment of access based on multiple attributes
• Increased risk of errors and inconsistencies
• High administrative overhead for IT teams
• Lack of automation in provisioning and updates

Why Change Was Needed

Managing access manually in such a complex environment was not sustainable.

The organisation needed a way to standardise user data and automate access decisions based on defined business rules. Without this, inconsistencies would persist and administrative effort would continue to grow.

A structured, data-driven approach was required to ensure both accuracy and scalability.

The Approach

Armstrong worked with the organisation to design an attribute-driven identity model aligned to Active Directory and Microsoft 365.

• Standardising key user attributes across all regions and brands
• Defining rules linking attributes to access requirements
• Integrating with a central SQL database as the source of access logic
• Designing automated workflows for provisioning and updates

The focus was on enforcing consistency while allowing the model to scale with the complexity of the organisation.

The Engagement

Armstrong worked with the organisation to implement a structured, data-driven approach to identity and access management, replacing manual processes with automated, policy-driven controls.

The engagement focused on aligning user data with access requirements, ensuring that identity information could be used reliably to drive automation across all brands and regions.

This established a scalable foundation, allowing the organisation to manage access consistently despite the complexity of its environment.

The Solution

A fully automated identity and access management solution was implemented using Adaxes, supported by a structured data model.

• Standardised user attributes across all brands and regions
• Automated user creation with brand-specific configurations
• Integration with a SQL database to determine access requirements
• Dynamic assignment of security group membership based on attributes
• Automatic updates to access when user attributes change
• Self-service password reset for end users

What This Replaced

• Inconsistent user provisioning across brands and countries
• Manual assignment of thousands of security groups
• High risk of access control errors
• Time-consuming administrative processes
• No self-service password reset capability

How It Works in Practice

Identity and access are now driven by structured data, ensuring consistency and accuracy across the organisation.

• Users are created with validated, standardised attributes
• Access is assigned automatically based on role, location, and brand
• Group membership is calculated using SQL-driven logic
• Changes to user attributes trigger automatic updates to access
• IT teams no longer manage group assignments manually
• Users can reset passwords through self-service

The Outcome

The organisation moved from a complex, manual model to a fully automated and standardised approach to identity management.

• Consistent Active Directory structure across all regions and brands
• Fully automated group membership and access control
• Significant reduction in IT administrative workload
• Improved accuracy and security of access decisions
• A scalable solution aligned to business complexity
• Enhanced user experience through self-service

Key Takeaways

• Standardised user data is essential for effective automation
• Complex access models require structured, data-driven solutions
• Automation reduces both risk and administrative effort
• Dynamic group assignment ensures access reflects real-world roles
• Self-service improves efficiency and user experience