Case Study

Establishing HR as the Authoritative Source for Identity Management

Synchronising HR data with Active Directory to automate lifecycle management and ensure users are only active during their employment period.

2014 - Present

Establishing HR as the Authoritative Source for Identity Management

Using HR data to drive identity lifecycle management across Active Directory and Microsoft 365, improving accuracy, security, and operational efficiency.

Public sector organisation. Client details have been anonymised, but the scenario reflects a real engagement.

Snapshot

  • Industry: Public sector
  • Organisation size: Approximately 3,000 users
  • Environment: Active Directory, Microsoft 365, HR system (Oracle database)
  • Challenge: Manual processes and lack of a single authoritative identity source
  • Solution: Scheduled HR-driven identity synchronisation using Adaxes
  • Outcome: Automated lifecycle management with improved security and data accuracy

The Situation

The organisation required a more structured and reliable approach to managing user identities across Active Directory and Microsoft 365.

Its HR system contained accurate employee data but was not fully integrated into IT processes. As a result, user accounts were created and updated inconsistently, leading to discrepancies between HR records and Active Directory.

As the organisation grew, this increased administrative effort and introduced security risks around onboarding and offboarding.

The Challenge

  • HR data not consistently reflected in Active Directory
  • Manual provisioning and deprovisioning processes
  • No single authoritative source for identity attributes
  • Risk of accounts remaining active outside employment dates
  • Manual intervention required for joiners, movers, and leavers

Why Change Was Needed

Without direct integration between HR and IT systems, identity data could not be reliably enforced, creating both operational inefficiencies and security concerns.

A key requirement was ensuring users were only active during their employment period—accounts needed to be created in advance, enabled on the correct start date, and disabled promptly when employment ended.

A structured, automated model was required to enforce these controls consistently.

The Approach

Armstrong worked with the organisation to design a model where HR data directly drives identity management processes, with a strong emphasis on accuracy and lifecycle control.

  • Identifying authoritative attributes within the HR system
  • Mapping HR fields to Active Directory attributes
  • Designing a scheduled synchronisation model based on recent changes
  • Defining lifecycle rules for joiners, movers, and leavers

The focus was on ensuring identity data could be trusted and used consistently across systems.

The Engagement

Armstrong worked with the organisation to establish HR as the authoritative source for identity data, replacing manual processes with a structured and automated model.

The engagement focused on aligning identity lifecycle management with employment data, ensuring that user accounts accurately reflect real-world status at all times.

This created a reliable foundation for identity management, reducing both operational overhead and security risk.

The Solution

A scheduled synchronisation process was implemented using Adaxes, connecting directly to the HR system’s Oracle database.

  • Regular synchronisation cycle processing recent HR changes
  • Automated user account creation from HR records
  • Accounts created in advance but enabled only on start date
  • Automatic disabling of accounts on leaving date
  • HR established as the authoritative source for identity attributes

What This Replaced

  • Manual user account creation and updates
  • Inconsistent attribute management in Active Directory
  • Delays and gaps in onboarding and offboarding
  • Risk of accounts remaining active beyond employment

How It Works in Practice

Identity management is now driven directly by HR data, ensuring both accuracy and control across the user lifecycle.

  • New users are created automatically from HR records
  • Accounts remain disabled until the official start date
  • Users are enabled automatically on day one
  • Changes to user details are synchronised regularly
  • Accounts are disabled promptly when employment ends
  • No manual rekeying or duplication of identity data

The Outcome

The organisation moved to a fully automated, HR-driven identity management model with improved security and operational efficiency.

  • Automated joiner, mover, and leaver processes
  • Accounts aligned precisely to employment dates
  • Immediate deprovisioning of leavers
  • HR established as the single source of truth
  • Consistent and reliable identity data
  • Reduced administrative overhead
  • Improved security through lifecycle control

Key Takeaways

  • HR systems can act as the authoritative source for identity
  • Aligning account lifecycle with employment dates improves security
  • Scheduled synchronisation provides a scalable integration model
  • Automation enforces consistency while reducing manual effort

Related products

Adaxes

Automates Active Directory and Microsoft 365 tasks and enforces delegated administration.

View Product

Related solutions

Active Directory Management

Document governance and lifecycle responsibilities for on-prem directory services.

View Solution

Entra ID Management

Define roles, policies and measurable controls for Entra ID lifecycle and access.

View Solution

Self-Service & Delegation

Define owners, approval paths and acceptance criteria for delegated identity self-service.

View Solution

Self-Service Password Reset

Let users securely reset or unlock accounts to reduce helpdesk calls.

View Solution

User Provisioning & Lifecycle

Consistent, auditable controls for user account lifecycle across the organisation.

View Solution

Related technologies

Discuss your environment

Speak to a specialist