Sean Hughes, Massachusetts assistant secretary for technology, security and operations, addresses NASCIO 2022 on Oct. 10.

Oct 11 2022

NASCIO 2022: Massachusetts Finds Success in Employee Identity Management

The commonwealth overcame many initial challenges by leaning into its Microsoft investment.

The Commonwealth of Massachusetts has experienced a great deal of success in adopting a single identity and access management solution for its employees since committing to Microsoft Azure Active Directory in 2018, the state’s chief operations officer said Monday during the annual conference of the National Association of State Chief Information Officers.

Sean Hughes, Massachusetts assistant secretary for technology, security and operations, estimated the commonwealth is about halfway through migrating its employees into a single-sign-on portal where they can access all required government resources.

The effort, however, faced some initial challenges, many of which were overcome through the adoption of Azure AD.

Massachusetts negotiated with its employees union to smooth the adoption of a unified identity and access management solution because employees initially resisted using their phones for multifactor authentication.

“Whether it was our authenticator app, an SMS message or a phone call for two-factor authentication, we had to bargain with the unions in Massachusetts to get their buy-in for it,” Hughes said. “We were very successful in that.”

Soon after the effort commenced, the COVID-19 pandemic struck. Many employees began working remotely, and that posed more challenges for the unification effort. Azure AD’s capabilities have helped smooth those challenges.

Active Directory Simplifies Employee User Management

Employees also were initially resistant to self-service help desk options, Hughes recalled. Employees would wait on service calls for up to an hour simply to reset their passwords. But eventually, resetting passwords became a widely accepted self-service task. “We’ve seen our wait times at our service desks drop dramatically,” Hughes said.

The Microsoft Azure Active Directory solution also simplifies deprovisioning users, he added. “User provisioning is pretty simple. Deprovisioning over the years has been a challenge.”

“One click, and essentially, I can now deprovision a user. We can not only take away their access to Microsoft Office 365 but we have our VPN within Azure AD as well. With one click, we can deprovision items. It’s a fairly clean and simple process,” Hughes said.

Massachusetts government employees across nine cabinet agencies use about 300 applications in total, and the commonwealth has made remarkable progress in migrating and unifying accounts for their use.

Centralization of Citizen Services Poses Different Challenges

The government has made less progress to date on identity and access management for constituents and citizen services. So far, the government has unified only three applications through a shared IAM solution.

The largest application available for citizens is the commonwealth’s unemployment insurance system, which is not yet integrated into a single identity system. 

“We just signed a contract to replace the unemployment insurance online system in Massachusetts, so we’ve opted not to migrate the identity service of that UI online as we move forward in the project,” Hughes said.

Massachusetts IT officials also are very aware that an upcoming election and a new administration could prove disruptive to a citizen IAM initiative. Hughes encouraged the next administration to begin a journey map of the citizen experience to lay the foundation for the adoption of a uniform IAM solution for citizen services.

“How do we start to really leverage it for our constituents, whether it’s a citizen, a taxpayer or a visitor doing business in the commonwealth?” he asked. “What do we need to move forward? There are a number of states doing it today, so this is of interest to us as well.”

Photography by Mickey McCarter
