Hanshow managed multiple employee identity sources across departments, such as Beisen (HR), WeCom (HR), and AD (IT), and each department independently managed employee lifecycle processes. Interdepartmental communication was primarily conducted through tickets and emails, often resulting in data inconsistencies and processing delays.
Challenges Hanshow Once Faced
● Multiple Identity Sources and Data Inconsistency
● Complex Application Access and Permission Management
The daily operations of Hanshow relied on 40+ business applications, including the following:
• R&D: Multiple GitLab instances
• Infrastructure: Qizhi Bastion Host, Microsoft Azure, Grafana, Zabbix, ELK, Seafile
• Business: Odoo (ERP/CRM), Budget Management, SAP Concur
• Workplace: Beisen HR, Weaver OA, WeCom, Magicdemy, Jira, Confluence, Microsoft AD
Manual processes for granting application access to new employees were time-consuming and prone to delays. Similarly, when employees left, the lack of centralized permission management made it difficult to quickly remove related permissions, creating security vulnerabilities.
● Global Identity Management Challenges
With a global workforce, Hanshow struggled with cross-domain and cross-timezone coordination. Poor identity synchronization between HR, IT, and business units led to administrators spending excessive time on basic tasks like account creation, permission updates, and password resets, significantly increasing operational costs.
● Poor User Access Experience
While some applications (like Jira and Wiki) used AD authentication, others (such as SAP Concur, Weaver OA, and Magicdemy) required separate login credentials. This inconsistency created confusion about which credentials to use where, and the lack of single sign-on capability hampered productivity and collaboration.
● Compliance and Audit Complexity
As a global company, Hanshow must comply with various standards including ISO 27001, Level 3 Classified Protection of Cybersecurity, and SOC 2. These frameworks require strict oversight of user authentication, password security, and access permissions. However, Hanshow's decentralized system made compliance audits particularly challenging, requiring extensive manual data gathering and analysis.
Bamboocloud IDaaS Solution
To address these challenges, Hanshow has chosen Bamboocloud IDaaS (hereafter IDaaS) to establish a unified identity and access management system.
◆ Seamless Identity Synchronization
By integrating Beisen HR as the primary identity source, IDaaS automatically synchronizes organizational and identity data from Beisen HR to WeCom and Active Directory, ensuring data consistency across all identity sources.
◆ Automated Identity Lifecycle Management
IDaaS automates account management based on user groups or positions through integration with various downstream application systems, allowing for immediate access to necessary systems upon employee onboarding and automatic account deactivation upon offboarding, boosting both operational efficiency and security.
◆ Enhanced Employee Experience and Efficiency
IDaaS integrates all applications through protocols like SAML and OIDC into Hi Hanshow, an employee portal developed by Hanshow. Employees can authenticate through multiple options, such as AD credentials, SMS verification, and WeCom QR codes, gaining seamless access to all authorized applications with a single sign-on experience.
◆ Comprehensive Audit Capabilities for Compliance
In addition to adaptive multi-factor authentication (MFA), robust password policies, and centralized permission management, IDaaS provides detailed audit trails for all administrative operations and employee access, enabling Hanshow to quickly meet compliance audit requirements.