GM, Boeing Faced Uphill Battle To Reach Global Identity Management
Managers from two multinational companies share their tips on connecting employees, parts suppliers, other business partners, and outsourced software developers.
After several attempts, it's still hard to get distributed identity management systems to work together as one enterprise-wide system, but that remains GM's goal, said James Heaton, global director of identity management at GM.
In the field of identity management, it's called federation, where lots of different, geographically dispersed user-authorization systems are harnessed to work together. Federated identity management frequently leads to single user sign-on to corporate systems, which yields access to all needed applications and databases without repeated logging in.
With 280,000 employees doing business in 200 countries and manufacturing vehicles in 33 countries, however, GM has a larger problem in federating identity management systems than many companies. "A lot of vendor solutions halfway work for GM, but when we try to scale them, they break. We break almost everything we touch the first time we try to use it," Heaton told the crowd of over 400 at the Burton Group's Catalyst Conference in San Francisco on Wednesday.
GM at different times has implemented identity management systems from Novell, Siemens, Oracle's Oblix-based systems, and Sun Microsystems.
In addition, Heaton told attendees at the enterprise-focused event that the problem is growing much bigger than just meeting the needs of GM's employees. There also are 14,000 GM dealers, not to mention hundreds of GM's parts suppliers, other business partners, and outsourced software developers. A federated system is supposed to include all of them, he said.
He won funding from top management, not by technical arguments about federated identity management virtues, but by circulating a slide that showed authorizations of all types of users flowing through a single, corporate system. The users included outside business partners and suppliers.
"That picture reached corporate officers that I couldn't have reached on my own," he explained. Now he's trying to build a system that lives up to his pictogram.
GM has launched a companywide, federated system for its employees that works reasonably well but still needs refinement. For example, in the last 12 months GM deployed a system to reset passwords worldwide, covering passwords created in many languages. Soon afterward, the GM call center showed repeated spikes in calls coming from Portuguese speaking areas of the world, primarily Portugal and Brazil.
The new system asked a personal question of users that would identify them if they called in, having forgotten or lost a password. "I did everything the system told me to until I came to the validation question about my goat. I don't have a goat," the callers complained. Something had been lost in the new system's translation, Heaton noted.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.