The aim of the analysis was therefore to describe the AS-IS, TO-BE, and GAP analysis, propose an architectural solution, design a suitable IdM tool and at the same time analyze (in the form of questionnaires) 50 internal systems with an assessment of the suitability of integration (yes/no needs) and form (on/offline or AD control).

It was agreed with the customer that the following areas would be analyzed primarily:

• key systems in the company with regard to user account management
• employee and outsourced employee life cycle from entry to exit, for employees also analysis of multiple job roles and their impact on IT
• the process of dealing with requests for granting and withdrawing access; the focus was on the current application of the Form, i.e., in particular the identification of requests that will be transferred to IdM
• the lifecycle of privileged identities (administrators, developers, and administrators with higher privileges)
• the lifecycle of application/system identities (service, application, and technical accounts)
• Role management lifecycle, SoD rules
• identity lifecycle reporting requirements
• automation requirements for relevant processes
• current audit findings, CNB and NBS requirements, internal regulations and standards, requirements arising from ZoKB and VoKB in the area of identity management

To facilitate the process and also the required synergy and allocation of JTS resources, the analysis was divided into stages according to applications and interviewees.

• The first stage focused on HR (and the associated KS system application) and the Forms application
• the second stage then focused on AD and the original scope was also to focus on the application Docházka CZ and Docházka SK; unfortunately over time it was found that this would be completely replaced by the JIRA application and therefore the scope was changed which also led to an extension of the BAN
• the third stage dealt primarily with the integrity of the outputs from the previous stages and the design of the integration and cooperation between the IdM tool and the JIRA application was completed

The collected information was processed into written form and BPMN diagrams. The final report totals over 50 pages of text with the following content:

• description of the current status in the identified areas (AS-IS)
• a proposal for the target state of business processes and IdM architecture (TO-BE)
• an inventory of the process and technical steps required to achieve the target state (GAP)
• architectural design for the implementation of IdM in the bank’s architecture
• Identification of risks and prerequisites for starting the IdM implementation project
• inputs to meet regulatory, security, and legal requirements
• evaluating the feasibility of key functional and non-functional requirements on the midPoint platform
• evaluating the feasibility of key use-cases on the midPoint platform
• recommendations on the choice of a specific IdM tool – midPoint selected

Beyond the original scope, the bid for the next phases of the project was also delivered with a breakdown into individual stages/deliveries and the first 2 stages were also properly priced as an official commitment from AMI Praha.

In accordance with the request, the delivery included the analysis of another 50 key information systems of J&T Bank. This analysis was carried out in the form of a single questionnaire sent to the owners of each system. The questionnaire contained a set of architectural, operational, technical, and process questions. On the basis of this questionnaire, the classification of each system in terms of possible integration to IdM was made with the information that:

• The system is fully integrated into another system (typically Active Directory) and so integration to IdM is not necessary.
• The system is not integrated into IdM in any way (unclear future, not managed by J&T, etc.).
• The system is integrated with IdM via an online connector or offline.
• The system is integrated with IdM, but a change in the management and administration roles of the system needs to be implemented to match the proposed TO-BE processes and to allow for connection to IdM either directly via the online connector or indirectly via AD.

In conclusion, the output is fully valid and will serve as a basis for the next project stages with the integration of the IdM midPoint tool into the Bank’s JTS structures. The overall evaluation of the contract by the customer is rated 1, which says that the expectations from the customer have been met.