MAXWELL AFB-GUNTER ANNEX, Ala. --
The Integrated Logistics Systems Supply (ILS- S) Program Management Office (PMO) reached a significant milestone on Dec. 10, 2024, by successfully onboarding to the new enterprise Identity, Credential, and Access Management (ICAM) tool called SailPoint. The new tool uses AI and machine learning to automate workflows and make access decisions.
A need for an enterprise solution arose during the Fiscal Year (FY) 2022 audit cycle when the Department of the Air Force (DAF) received several Notices of Findings and Recommendations (NFRs) that highlighted the Defense Business System’s many audit concerns. These findings led senior leaders to vet several Courses of Action but ultimately landed on SailPoint as the DAF ICAM enterprise solution.
At a Business and Enterprise Systems (BES) senior leadership offsite, all applicable financial feeder systems were placed into a high-level roadmap by groups to meet the FY26 material weakness downgrade. ILS-S was placed in group two with onboarding set to begin in the second quarter of FY23. The integration of SailPoint into the ILS-S system was a multi-phase project that required meticulous planning, development, and testing to ensure a seamless transition without disrupting user’s access. Here’s an overview of the process and key insights from the project.
Laying the Foundation
The ILS-S team was able to move through phase one of the integration rapidly, primarily because the system already leveraged the Global Content Delivery Service as its identity service provider. This alignment of existing infrastructure with SailPoint’s requirements allowed the team to quickly produce system artifacts, provide system demonstrations, and establish a solid foundation for the project, enabling a smooth transition to development.
Development Phase: Overhauling User Access and Business Processes
The development phase represented a significant undertaking, with the ILS-S user provisioning system undergoing a complete overhaul. The primary objectives during this phase were to:
- Establish connectivity to the tool through the ILS-S User Management Application Programming Interface (API). This was completed with the tool connecting to ILS-S through an ILS-S maintained Representational State Transfer (REST) API. REST API is a type of web API.
- Restructure the user construct within ILS-S to align with the tool's framework.
- Develop a transition process that would allow for the seamless migration from the existing provisioning tool to SailPoint, ensuring no disruption to users' capabilities.
This phase required a comprehensive redesign of ILS-S’s automated user access capabilities and business processes, which contributed to the project’s five-month timeline. The extensive changes ensured that the new system could fully support the solutions identity management features, while also maintaining consistency with organizational needs.
Technical Challenges: Avoiding User Disruption
One of the primary technical challenges during development and integration was maintaining existing user capabilities while simultaneously prepopulating the new user data constructs to align with the enterprise solution. This necessitated the creation of a synchronization system within ILS-S so that changes to existing user data would be accurately reflected in the tool during testing and roll-out to production. Successfully achieving this goal limited the impact for users on the Go-Live date with disruption to less than 1% of the over 18,000 active users in ILS- S.
Agile Approach: Asynchronous Development and Testing
A key feature of the project was the adoption of an agile methodology, where development and testing phases occurred asynchronously. This approach allowed for iterative progress, enabling the ILS-S team to address issues and refine processes as they emerged. The agile approach not only facilitated faster adjustments but also ensured that every step of the process was aligned with the evolving requirements of the system.
Rigorous Manual Testing: Ensuring Quality at Every Stage
Throughout the project, ILS-S conducted rigorous manual testing at multiple stages. From early functional testing to comprehensive production verifications, the testing efforts were designed to validate both the technical interfaces and the new business processes. This continuous testing ensured that the integration worked as intended and met the expectations for end users. The iterative nature of testing, combined with the close feedback loop from development, helped identify and resolve potential issues early on, minimizing the risk of disruptions during deployment.
Conclusion: A Successful Transition
The transition to new enterprise solution for ILS-S was a complex yet well-executed process that involved a careful reconfiguration of user access management and business processes. By employing an agile methodology and ensuring thorough testing at every stage, ILS-S was able to successfully integrate the tool without compromising users’ capabilities. This project serves as a great example of how careful planning, flexibility, and rigorous quality assurance can enable smooth migrations to advanced identity management systems. This ICAM solution will assist ILS-S and the BES portfolio in maintaining audit readiness and limiting NFRs by ensuring user access is validated through the proper chain-of-command and permissions.