Microsoft Windows Server System

Customer Solution Case Study

Mutual Life Insurer Synchronizes

Identity Information Across Multiple

Overview “MIIS 2003 SP1 has worked flawlessly from

Country or Region: United States
Industry: Insurance
inception to help us simplify identity
management throughout our systems.”
Customer Profile
Jeff Skalicky, Senior Enterprise Infrastructure Architect, Penn Mutual
Penn Mutual is the nation’s second
oldest mutual life insurer. Founded
in 1847, the company provides life
insurance and annuities through a The Penn Mutual Life Insurance Company, one of the
national network of financial
professionals. oldest mutual life insurers in the United States, was
using manual processes to manage identity data. This
Business Situation
Penn Mutual wanted to automate was time consuming and didn’t always ensure that
information management processes identities were updated consistently across the com-
and provide single sign-on access to
multiple systems available through pany’s different information source systems. By
its portal, as well as increase portal implementing Microsoft® Identity Integration Server
security.
(MIIS) 2003 Enterprise Edition Service Pack 1 (SP1),
Solution Penn Mutual has automated its identity information
Penn Mutual is using Microsoft®
Identity Integration Server 2003 tasks. MIIS 2003 SP1 aggregates user profile data from
Enterprise Edition Service Pack 1 to multiple systems and synchronizes it to the organiza-
automatically aggregate user profile
information and synchronize that tion’s centralized directory, which ensures that identity
information across multiple source data is up-to-date. As a result of automating these
systems.
processes, Penn Mutual is reducing the cost of
Benefits managing identity information, decreasing help-desk
 Greater administrative efficiencies
 Better control of identity
costs, and increasing the security of its internal portal
information through role-based access control.
 Cost savings of 75 percent
compared with other solutions
Situation
Founded in 1847, the Penn Mutual
Life Insurance Company is
headquartered in Horsham,
Pennsylvania, just outside
Philadelphia. It is the second oldest
mutual life insurer in the United
States, with life insurance and annuity
products sold through a national
network of financial professionals. By
offering customers sophisticated
products and easy-to-understand
consumer materials, Penn Mutual
provides solid financial options to
meet clients’ immediate and future
needs.
Penn Mutual created an internal
portal, called Producers Place, to
provide an efficient way for field
representatives to access critical
business and customer information
online. In addition, field
representatives—which include
independent and internal agents, field
managers, and sales support staff—
can access brokerage services
through Hornor, Townsend & Kent, a
wholly owned subsidiary of Penn
Mutual.
Access to data on the company’s
secure portal was accomplished
through a client database. Active
Server Pages, which were managed
through a homegrown security
application, provided authentication
and authorization for the portal. The
Active Directory® service, a
component of the Microsoft® Windows
Server™ operating system, provided
the repository for user identity
information and authenticated
identities against the security
application.
At Penn Mutual, like in many
organizations, identity information
exists in many different data systems,
including human resources, payroll,
client management, distribution
management, and a third-party
solution used by external brokers and
dealers. The problem with multiple
information sources is the duplication
of identity information and the fact
that different directories can contain
conflicting identity information about
the same person or resource.
Penn Mutual had no way to
synchronize information among the
different source systems, except
through manual processes. Updates
to data in one information system, for
example, were not automatically
reflected in that same user account in
another system. Manually tracking
and keeping information current
across all systems was time con-
suming, and there was always the
chance that something was missed.
This left users unsure whether the
information that they were viewing
was the most recent.
Penn Mutual wanted to replace
manual information update processes
with a solution that would aggregate
user profile information across
multiple information source systems.
IT administrators also wanted to
simplify information access by giving
users single sign-on capabilities and
some level of self-service such as the
ability to change passwords.
Achieving these goals would reduce IT
 staff involvement in common tasks as
well as reduce help-desk calls.
Solution
The IT group at Penn Mutual
evaluated several metadirectory
systems before selecting an identity
management solution. The group
looked at system costs, the ability to
support a variety of identity
repositories, and single sign-on
functionality, among other features.
Taking into account the fact that the
company’s identity infrastructure was
“Our IT built on Active Directory, Penn Mutual
administrators have selected Microsoft Identity Integration
Server (MIIS) 2003 Enterprise Edition
more control of Service Pack 1 (SP1). Part of Microsoft
identity information Windows Server System™ integrated
server software, MIIS 2003 SP1 offers
now that we are broad interoperability capabilities,
using MIIS to including integration with a range of
identity repositories, management
manage the flow of across multiple source systems, and
data between the ability to automatically detect
updates and share the changes
connected source across systems.
systems throughout
IT administrators now can manage
our enterprise.” user information across both the
Greg Driscoll, Assistant Vice President Active Directory service and
for Technology Architecture, Penn Lightweight Directory Access Protocol
(LDAP) directories. For example, MIIS
2003 SP1 draws identity information
from the company’s different source
systems, and then uses that
information to authenticate user
access to the Producers Place portal.
By using MIIS to create a central
identity store, account managers now
can synchronize passwords across
multiple systems, providing common
logon information throughout
systems. It is no longer necessary to
use multiple systems to change user
names or passwords across all
systems.
“MIIS 2003 SP1 has worked flawlessly
from inception to help us simplify
identity management throughout our
systems,” states Jeff Skalicky, Senior
Enterprise Infrastructure Architect for
Penn Mutual. “To enter the Producers
Place portal, all the user has to do is
type his or her user name and
password, and a Web service sends a
request to Active Directory by way of
our Web security system.”
To solve the issues that resulted from
identity data residing in multiple
sources, Penn Mutual is using MIIS as
a new data store that is an aggregate
of information in these systems. By
combining the data for a specific
person or resource, it creates a single
entry that contains some or all of the
identity information from each
connected data source.
“Think of MIIS as the bottom of a
funnel,” says Greg Driscoll, Assistant
Vice President for Technology
Architecture at Penn Mutual, “with
three or four source systems at the
top and MIIS at the bottom
incorporating all the information. MIIS
brings all the information together to
represent one data store that
provides user roles as well as ensures
that records are updated.”
The aggregated user profile provides
IT staff with different views and
different data based on the user’s
role. A user’s role is defined by a
series of attribute values. MIIS applies
the attribute values to authenticate
users into back-end systems once
they are logged on to the Producers
Place portal, providing access control
so that only those with appropriate
roles or privileges can access certain
information or resources. Skalicky
explains, “If you’re an agent, you’ll
have access to certain information
and possibly to certain embedded
applications. If you’re a field
manager, you’ll have access to a
different combination of resources.
This level of control gives us better
system security.”
Before implementing MIIS, the
account creation group would be
involved, hands on, throughout all
aspects of setting up a user account
on the portal. After receiving a
request for a new user account, and
before a user could ever log on, this
group would have to review and
validate all information, and then set
up the account. Now, MIIS evaluates
the account application against preset
access privileges to automatically
accept or deny a request based on
the user’s role.
In addition, MIIS compiles a user’s
data into an LDAP directory. When the
user self-registers, MIIS synchronizes
that identity information from the
other source systems. This creates
the ability for that individual to gain
entry into the desired area of the
portal—without requiring the
involvement of the account team.
Benefits
Penn Mutual has replaced manual
identity management procedures with
an automated solution, using
Microsoft Identity Integration Server
2003 Enterprise Edition Service Pack
1 as the company’s core identity
information database. It provides the
functionality to put those using the
Producers Place portal in touch with
appropriate, accurate information,
while reducing security risks to the
portal related to previous processes.
Greater Administrative Efficiencies
With the new identity management
solution, IT administrators can
automatically aggregate user profiles
and synchronize that information
across the company’s multiple infor-
mation source systems. “Automating
this previously manual process
reduces administrative involvement
while maintaining the consistency and
integrity of data throughout the
enterprise,” says Driscoll. “Help-desk
staff can work more efficiently, and
they no longer have to access
multiple systems to manage profile or
identity information.”
Better Control of Identity Information
IT administrators benefit further from
the ability to resolve conflicts in
identity information automatically and
establish rules to determine which
data source directory contains the
authoritative value for a specific
attribute. MIIS then automatically
updates all the other data sources
with that authoritative value. “Our IT
administrators have more control of
identity information now that we are

“The easy-to-use
self-registration
capabilities enabled
by MIIS are
improving the user
experience, and, by
leveraging Active
Directory, help-desk
involvement in
password resets has
declined by as much
as 30 percent.”
Jeff Skalicky, Senior Enterprise
using MIIS to manage the flow of data providing robust trust management,
between connected source systems reusability, and reporting tools, which
throughout our enterprise,” says allows administrators to control
Driscoll. exactly what data is shared and with
whom. “MIIS helps us make the portal
Cost Savings of 75 Percent Compared more secure because we have all the
with Other Solutions data in aggregate now. We can rely
Because Penn Mutual was already on that data to verify the identity of
running Microsoft Windows Server someone who is registering, and then
2003, the MIIS solution easily gained provide or deny access accordingly,”
approval. As Driscoll explains, “When Driscoll concludes.
compared with other metadirectory
products in the marketplace, this
solution cost approximately 75
percent less. Furthermore, it offers
advanced integration with Active
Directory, which we are using to
provide a single sign-on Web interface
as well as to give users the ability to
set and reset passwords across
multiple systems.”
Faster Account Setup, 30 Percent Cut
in Help-Desk Password Resets
Tasks associated with the initial setup
of user accounts presented one of the
greatest costs for the Penn Mutual
help desk—to say nothing of the
frustrations involved in setting up
user accounts because they often
required multiple contacts. “The easy-
to-use self-registration capabilities
enabled by MIIS are improving the
user experience, and, by leveraging
Active Directory, help-desk involve-
ment in password resets has declined
by as much as 30 percent,” says
Skalicky.
Increased Portal Security Through
Access Control
MIIS 2003 SP1 is helping Penn Mutual
gain better portal security by
For More Information
For more information about
Microsoft products and services, call
the Microsoft Sales Information
Center at (800) 426-9400. In
Canada, call the Microsoft Canada
Information Centre at (877) 568-
2495. Customers who are deaf or
hard-of-hearing can reach Microsoft
text telephone (TTY/TDD) services
at (800) 892-5234 in the United
States or (905) 568-9641 in Canada.
Outside the 50 United States and
Canada, please contact your local
Microsoft subsidiary. To access
information using the World Wide
Web, go to:
www.microsoft.com
Microsoft Windows Server
System
Microsoft Windows Server System is a
line of integrated and manageable
server software designed to reduce
the complexity and cost of IT.
Windows Server System enables you
to spend less time and budget on
managing your systems so that you
can focus your resources on other
priorities for you and your business.
For more information about Windows
Server System, go to:
www.microsoft.com/windowsserversy
stem

For more information about the

Penn Mutual Life Insurance
Company, call (215) 956-8000 or
visit the Web site at:
www.pennmutual.com

Software and Services  Technologies

 Microsoft Windows Server System − Active Directory
− Microsoft Windows Server 2003
Enterprise Edition Hardware
− Microsoft Identity Integration  HP DL 380 server computers with
Server 2003 Enterprise Edition dual processors and 4 GB of RAM
© 2006 Microsoft Corporation. All rights reserved.
This case study is for informational purposes only. Service Pack 1
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, IN THIS SUMMARY.
Microsoft, Active Directory, the Windows logo,
Windows Server, and Windows Server System are
either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or
other countries. All other trademarks are property of
their respective owners.

Document published February 2006