Managing multiple IT systems across dispersed store locations created significant operational hurdles and communication bottlenecks.
BESTORE is a platform-oriented, digital, and product research and innovation company driven by a full category of snacks.
Challenges BESTORE Once Faced
l Complex IT Infrastructure
l Workforce Management Inefficiencies
High staff turnover and regular organizational shifts in retail locations resulted in time-intensive manual processes for employee onboarding, internal transfers, offboarding, and password resets.
l Authentication Security Weakness
Legacy systems relied on basic username/password authentication, leading to password fatigue and security vulnerabilities through password reuse and weak passwords.
l Inadequate Risk Control
Limited access control capabilities and insufficient monitoring of weak passwords, inactive accounts, orphan accounts, operation permissions, and privileged access created security governance gaps.
Bamboocloud IDaaS Solution
To address these challenges, BESTORE has chosen Bamboocloud IDaaS (hereafter IDaaS) to establish a unified identity and access management system.
l Seamless Identity Synchronization
By integrating SAP HR as the primary identity source, IDaaS automatically synchronizes organizational and identity data from SAP HR to DingTalk and Active Directory, ensuring data consistency across all identity sources.
l Automated Identity Lifecycle Management
IDaaS automates account management based on user groups or positions through integration with various downstream application systems, allowing for immediate access to necessary systems upon employee onboarding and automatic account deactivation upon offboarding, boosting both operational efficiency and security.
l Enhanced Employee Experience and Efficiency
IDaaS integrates all applications through protocols like SAML and OIDC into a unified user portal. Employees can authenticate through multiple options, such as AD credentials, SMS verification, and DingTalk QR codes, gaining seamless access to all authorized applications with a single sign-on experience.
l Comprehensive Audit Capabilities for Compliance
In addition to adaptive multi-factor authentication (MFA), robust password policies, and centralized permission management, IDaaS provides detailed audit trails for all administrative operations and employee access, enabling BESTORE to quickly meet compliance audit requirements.
l Zero Trust Security Architecture
IDaaS builds on Zero Trust principles to obscure internal application ports and implement continuous, real-time access control throughout each user session, ensuring the security of business access and application services.
Implementation Result
l User Base: 20,000+ users including employees, store staff, and franchisees
l Application Coverage: 20+ integrated applications as follows.
• Internal systems: SAP GUI, Weaver OA, Active Directory, product platform, member center, data portal, store management system, franchise system, and more.
• External/SaaS applications: DingTalk, Alibaba Mail, Alibaba Cloud, Jiandaoyun, Yunxuetang, Biz Travel, and more.
l System Performance:
• Daily Active Users (DAU): 6,000+
• Monthly Active Users (MAU): 20,000+
• Stable service delivery and business continuity ensured by auto-scaling capabilities
