Top 8 Identity Challenges After an M&A
- The Radiant Team
- July 20, 2022
Picture this: you start your work day with an email from upper management that your company just acquired another company. Most employees will continue with their workday, but not the IT team.
If you’re on the IT team, your headaches are just beginning as you’ll be responsible for integrating the new employees into your current tech and identity stack. You’ll be faced with multiple identity sources, a new identity governance and administration (IGA) solution to look at, various LDAP and Active Directory (AD) data sources to deal with, and several cloud applications that use various single sign-on (SSO) solutions to federate identity.
Where do you start?
In this post, we’ll go over eight identity challenges companies may face after a merger and acquisition (M&A) and how to solve them.
Challenge 1: Enabling Application Access on Day 1
Employees of the newly-merged company will need access to all relevant applications, systems, and data to do their work. That means employees from Company A may need to access Company B applications—and vice versa—from Day 1. Without merging the applications and tech stacks, employees across the newly-enlarged company won’t be able to collaborate effectively. And without collaboration, the new company won’t realize the value of the deal that merged them in the first place.
The solution is to create a global list using RadiantOne to unify identity sources, and quickly offer cross-entity access. This abstraction layer allows you to create views to present application-specific identity information in the expected way for any application that needs it. This approach saves you time and effort as you don’t have to integrate the new user accounts into your existing data stores, and you don’t have to spend more cash buying new application licenses to accommodate the larger user base.
Challenge 2: Dealing with Multiple Identities
The new-to-you employees have their own identity data stored in various ADs and applications, such as the HR app. Merging the new user accounts isn’t always feasible because of the relationships between identity data. For example, joining an AD directory with an HR application is hard because there isn’t always a 1:1 relationship between AD accounts and HR listings.
Employees may have different AD accounts for different work tasks, different applications, and a host of other reasons. They may also have no AD account at all because they don’t need one, or there may be duplicates in AD with the same username even though they belong to different people, requiring additional verification before merging.
To solve this challenge, IT teams need to determine the right identity attributes to use as unique identifiers for people—or create a new identifier if one doesn’t exist.
Then, use those attributes to identify each account and person uniquely, so each ID is represented exactly once on the global ID list.
It means looking beyond usernames, locations, and teams to find data unique to each person, such as employee ID numbers, start dates, etc.
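The correlation step described above, as an added example (not RadiantOne code and not from the original post): HR records and AD accounts are joined on a composite key of company and employee ID, since employee IDs alone can collide across the two companies. All records, domain names and field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article).
HR = [
    {"company": "A", "employee_id": "1001", "name": "Jane Smith"},
    {"company": "B", "employee_id": "1001", "name": "John Smith"},
    {"company": "B", "employee_id": "2040", "name": "Priya Rao"},
]
ACCOUNTS = [
    {"domain": "corp-a", "company": "A", "sam": "jsmith", "employee_id": "1001"},
    {"domain": "corp-a", "company": "A", "sam": "adm-jsmith", "employee_id": "1001"},
    {"domain": "corp-b", "company": "B", "sam": "jsmith", "employee_id": "1001"},
    {"domain": "corp-b", "company": "B", "sam": "svc-backup", "employee_id": None},
]

def build_global_list(hr, accounts):
    """Return (people, orphans, collisions); people is keyed on (company, employee_id)."""
    people = {(r["company"], r["employee_id"]): {**r, "accounts": []} for r in hr}
    orphans, by_username = [], defaultdict(set)
    for acct in accounts:
        key = (acct["company"], acct["employee_id"])
        label = f'{acct["domain"]}\\{acct["sam"]}'
        if key in people:
            people[key]["accounts"].append(label)   # many accounts, one person
            by_username[acct["sam"]].add(key)
        else:
            orphans.append(label)  # no HR match: verify manually before merging
    # Same username resolving to different people must never be merged by name.
    collisions = {u: sorted(k) for u, k in by_username.items() if len(k) > 1}
    return people, orphans, collisions

if __name__ == "__main__":
    people, orphans, collisions = build_global_list(HR, ACCOUNTS)
    for key, person in sorted(people.items()):
        print(key, person["name"], person["accounts"] or "NO ACCOUNT")
    print("orphans:", orphans)
    print("username collisions:", collisions)
```

Each person appears exactly once, with every account attached; the orphan and collision lists are the cases that need human review before anything is merged.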
Challenge 3: Determining a Data Source Migration Plan
The amount of work it takes to merge people into a global user list after an M&A can be daunting. Each company has its own way of doing things when it comes to identity, whether it’s a unique identity and access management (IAM) strategy or using an outdated IGA application.
To help manage the transition, IT teams should create a roadmap for migrating the data sources of the two companies. Decide on which identity information, sources, and identity applications you will use and consolidate things to a more manageable level. The fewer sources and applications you deal with, the easier it’ll be, regardless of the new user base size. Consolidating and unifying identity data makes it easier to access and deploy on-demand, as you’ll know precisely which data stores to connect to, how they’re used, and what attributes they hold.
Challenge 4: Understanding Which Identity Applications to Migrate
Another challenge after an M&A is deciding on which applications each company will need to keep. Because there are larger considerations when it comes to enterprise applications such as license agreements, contract terms, and supporting data stores, it’s not as easy as deciding to use Application A simply because it’s the one the acquiring company uses. And when it comes to identity, it’s usually the applications that cause the biggest headaches to decommission.
Planning application migrations can alleviate some of the work and stress, as you’ll have a better idea of what’s happening and when. RadiantOne provides a staging layer for the migration and consolidation process. You can repoint SSO and other identity providers (IdP) to it as you work on the consolidation and migration of the identity data sources. Users retain access to the applications and systems they need as you work, and you can optimize the identity backend without extra pressures. Plus, if either company is still using legacy applications, you can choose to migrate or consolidate them—depending on the business case—without interruption to employees or business workflows.
Challenge 5: Developing a Full Picture of Employees Across Both Companies
Not only does each company have a different way of doing things, but each internal department or team does too. These differing views of employees make it hard to develop new processes, procedures, policies, and anything else you might need to understand your employees. And your identity management systems and applications often make it hard to create a full picture of employees, which is why many companies have so many different identity data stores, such as AD, LDAP, and cloud solutions.
By federating identity, you can unify all the employee identity data you have, no matter where it’s stored. You’ll have a complete picture of employees, contractors, partners, and even customers if you want. Don’t forget about the importance of groups—if you’ve created dynamic user groups with relevant attributes, employees can automatically be added or removed from groups based on changes made to those attributes. With this approach, when a user’s attributes change, they’re automatically dropped from groups they no longer qualify for, without manual intervention.
Challenge 6: Breaking Free of Only Using a Single Federated Identity Provider
Most companies today use some mix of cloud applications in their tech stack. Yet integrating the cloud from an identity perspective is hard because cloud services often only federate identity with a single provider at a time. So, you can’t just hook up your newly acquired company to the cloud service you’re already using. And many on-prem systems work the same way; they’re designed to connect to a single endpoint.
The solution to this problem is to use RadiantOne as the single identity endpoint. It can connect to as many identity data stores as needed on the backend, while offering a single source of identity truth to the relevant applications. It can transform the identity data into the right format or protocol for the accepting application, as well as replicate the data across legacy, on-prem, and cloud data, making it a skeleton key of sorts.
Challenge 7: Using AD Incorrectly and Muddling Identity Data
Many companies have been using Active Directory (AD) for identity management, and struggle to move to a hybrid environment internally. That’s because AD designs are often based on delegated lines of administration, geography, or even office politics, and many people end up with multiple AD accounts. Further, AD doesn’t provide the visibility into user groups that’s needed to handle identity at a more granular level, making it difficult for applications to find the correct identity data they need. For example, if you’re under the Sales > West Coast nested group, your attributes won’t show the “Sales” attribute because you’re not a direct member.
With an Identity Data Fabric approach, you can remodel the data and flatten the groups to make it meaningful to consuming applications. It increases the visibility of identity data because you can see all relevant attributes that apply to each user (nested or not), and requesting applications can retrieve identity data faster.
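What flattening nested groups means in practice, as an added example (not RadiantOne code and not from the original post): it walks parent groups upward from each user so that someone in Sales > West Coast also shows up under Sales. The group names beyond the article's two, the users and the deliberate nesting loop are constructed for illustration.

```python
# Constructed directory: group -> direct members (users or other groups).
MEMBERS = {
    "Sales": ["West Coast", "East Coast"],
    "West Coast": ["alice"],
    "East Coast": ["bob", "Sales"],   # deliberate loop: Sales <-> East Coast
    "All Staff": ["Sales", "carol"],
}

def direct_groups(principal, members=MEMBERS):
    """Groups listing the principal as a direct member (what AD's memberOf shows)."""
    return {g for g, direct in members.items() if principal in direct}

def effective_groups(principal, members=MEMBERS):
    """Every group reached by walking parent groups upward; safe against loops."""
    seen, stack = set(), [principal]
    while stack:
        for group in direct_groups(stack.pop(), members):
            if group not in seen:      # the seen-set is what stops a nesting loop
                seen.add(group)
                stack.append(group)
    return seen

def flatten(members=MEMBERS):
    """User -> sorted effective groups: the flattened view handed to applications."""
    users = {m for direct in members.values() for m in direct if m not in members}
    return {u: sorted(effective_groups(u, members)) for u in sorted(users)}

if __name__ == "__main__":
    print("alice direct:   ", sorted(direct_groups("alice")))
    for user, groups in flatten().items():
        print(f"{user} effective:", groups)
```

Note the side effect of the loop: because East Coast contains Sales, alice ends up an effective member of East Coast as well, which is the kind of unintended access a flattened view makes visible during a merger.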
Challenge 8: Managing Identities for Acquisitions That Will Eventually Be Sold Off
One scenario often not considered is accounting for the long-term plan with an acquisition: Will it be fully integrated, or is the plan to eventually sell off part of the business to another company? It needs to be integrated into the acquiring company so teams can work together seamlessly, but not so tightly that it’s difficult to spin off if it comes time to sell. You still need cross-entity access for employees across both companies for the duration of the investment, plus easy separation when the time comes. Fully integrating systems, networks, applications, and identities doesn’t make sense if you’ll need to reverse everything in the future.
To temporarily integrate the two and make it easy to spin off the acquired company later, use RadiantOne. You can use it as a staging center to build a global user list that combines the identity data of both companies and makes it available to each, and create views for application-specific identity information in the expected protocol and schema for applications used by each company.
When it comes time to sell, you can turn off the replication connections and decommission the identity connectors to the sold company. All without additional coding, significant time investment, or disturbing the identity data of the remaining company.
Optimize your identity management during M&As
Mergers and acquisitions are always a challenging time for IT, especially in today’s hypercomplex identity environments. You want to ensure employees can work with whatever applications they need right from Day 1, but not if there are duplicate user accounts, legacy applications that require extra configuration, or cloud applications that can only handle a single identity endpoint.
That’s why many companies are turning to a solution like RadiantOne. With this approach, you can optimize your identity management tasks before, during, and after an M&A. Create identity views in the correct format for the applications employees use, unify identity endpoints no matter where your data is stored, and make it easy for any application to get the relevant identity information it needs from Day 1.
Contact us today to find out how RadiantOne can optimize your identity management tasks before, during, and after a merger and acquisition. We can help you sort through the challenges to find the solution that works best for you.