Success Story

Merkur Versicherung AG Relies on Garancy® Identity Manager as Their Central Authorization Administration Tool

With the introduction of the Garancy® IAM Suite, now new authorizations are only granted based on defined roles. Supervisors can use the Garancy® portal to independently manage the access rights of their team members. This results in a high degree of flexibility for the business departments while at the same time reducing the IT overhead.

The Beta Systems Garancy® IAM Suite was the only product that integrated seamlessly with our home-grown core insurance software.

merkur-versicherung-logo.png
Nikola Birkic
IAM Administrator, Merkur Versicherung AG

Initial Situation

When Merkur Versicherung was founded in Graz in 1798, the Holy Roman Empire under Emperor Franz II was in its final stages. This makes today’s Merkur Versicherung AG, headquartered in Graz, undisputedly the oldest insurance company in Austria. Nonetheless, in terms of technology and organization it has always been a frontrunner. With the IAM solution from Beta Systems, the insurance company now has complete control over who accesses which systems and when. It thus meets all the requirements of the financial supervisory authority, while benefiting from streamlined internal workflows at the same time.

While other companies were still pondering how best to distribute paper inboxes during the pandemic, Merkur already had an “eWorkplace” – an electronic workplace where correspondence is received exclusively digitally and forwarded to the right employee via workflows. “Many similar applications have been added to our IT landscape in recent years,” reports certified insurance brokerEva Kainz-Kaufmann with the Information Technology – IT Management department of the insurance group. For all of these applications, the insurer must define who can access any given system in what manner and for how long. Up until recently, these permissions had been assigned via a ticket system (Jira). In this system, the specialist departments had to create tickets to submit their requirements as to who may use which software and to what extent, and the administrators of the individual target systems then implemented these for the individual user in the respective systems.

Challenge

An internal IT audit performed in 2017 uncovered the actual effort associated with this approach. Authorizations used to be based on individuals rather than roles. As a consequence, an individual ticket was created for each authorization request and there was no general transparency on who had which authorizations at any given time. “When the financial supervisory authority made inquiries, we always had to find this information in the individual tickets,” says Eva Kainz-Kaufmann. For security reasons, in particular, it is essential to know at all times who has what rights for which systems. It is equally crucial to be able to assign or revoke these rights without delay.

Therefore, the insurance company decided in 2019 to introduce a central authorization management tool. The market was sounded out together with an external consulting firm. Three vendors were shortlisted out of an initial selection of ten. Beta Systems ended up on top with its Garancy® IAM Suite. In addition to the MIS (Merkur Information System), Lotus Notes, eWorkplace and Microsoft Active Directory (including other systems connected via these, e.g. an automatic mail generation solution) had to be integrated with the IAM software.

Implementation

First step: Implement the role concept. Merkur Versicherung AG started to create a new role concept alongside the introduction of the Garancy® IAM Suite. Existing systems and IT authorization structures were assessed and cleaned up from the ground up.

Outcome

With the introduction of the Garancy® IAM Suite, now new authorizations are only granted based on defined roles. The insurance company creates the roles in the Infoniqa HR system. Information such as the date of entry of employees, the department they work in and the position they hold there are of interest. Based on this data, each employee is assigned two basic roles: an organizational role and a business role (corresponding to the job profile). The organizational role basically defines the department of the employee, while the business role describes their activities in detail. This classification was decided by IT in consultation with the system owners as well as with the division managers of the respective department.

To pull off such a huge project during the pandemic solely via Webex was a remarkable achievement.

merkur-versicherung-logo.png
Martin Majhen
IT Manager, Merkur Versicherungen AG

Customer

merkur-versicherung-logo.png
Year of foundation
1798
Number of employees
1000
Head office
Graz
Sector
Financial services
Merkur Versicherung AG
Conrad-von-Hötzendorf-Straße 84
8010 Graz
Austria

Tags

Identity ManagementIAM

Share

Further Resources

Blog Article
it_operations.jpg

Empowering Non-Technical Users: How IT Democratization Drives Business Success

Empowering non-technical users is becoming a game-changer as enterprises across industries embrace hybrid IT environments. This shift presents exciting opportunities and unique challenges, from managing disconnected on-prem systems to orchestrating complex cloud-native solutions. By leveraging centralized orchestration and automation platforms, businesses can drive innovation and efficiency, underscoring how IT democratization fuels success in today’s competitive landscape.
Blog Article
soap-blog.jpg

What Is SOAP?

Unlocking the Potential of Service Orchestration and Automation Platforms
Blog Article
automation.webp

Maximizing Efficiency with Event-Driven Automation

Automation is becoming increasingly indispensable in modern organizations, driving efficiencies across departments and fields from infrastructure to DevOps. However, while most companies recognize the potential benefits of automation, many still struggle to make the most of it. Fragmented processes, disconnected tools, and poorly defined objectives often prevent organizations from reaching full automation potential. Here, we’ll explore a strategic approach to building a mature automation framework that enables seamless, efficient, and scalable operations.