Modernizing and Updating an Existing IAM System at Union Investment

For several years now, the system integrator iC Consult has been supporting Union Investment with an IAM system based on One Identity. In order to meet increased requirements, a multi-stage upgrade has been carried out since 2017.

At a glance




  • Introduction of a company-wide system for specialist role management
  • Migration from V6 to V8, focusing on performance and usability optimization in the web frontend
  • Merging rights assignment and hardware and software ordering

Products and services:
One Identity


  • Significantly more efficient role management
  • Approx. 30 % greater efficiency during recertification
  • Modern, intuitive user interface


Taking care of close to 349.1 billion euros in assets, the Union Investment Group is the expert for asset management within the FinanzGruppe cooperative, and one of Germany’s largest investment companies. 3,144 employees manage 1,221 funds for private and institutional investors. In total, more than 4.5 million customers entrust their money to Union Investment.
(Figures as of: June 30, 2019)


For some time, Union Investment has been using an IAM system based on One Identity. To make internal processes even more efficient, an upgrade from version V6 to V8 was carried out. A key part of this was completely redesigning the user interface to better meet users’ needs. A further step was introducing a uniform, automatic role management system. Last but not least, the systems for assigning rights and for ordering hardware and software were brought together under one “roof”.


Uniform management of specialist roles
Assigning authorizations is a complex, time-consuming process. Traditionally, these authorizations are issued by the respective supervisors and must be recertified at regular intervals: every six to twelve months. However, it is not always clear to the supervisor whether or why certain authorizations are required. To avoid delays, even doubtful authorizations are assigned. This results in potential security gaps. Role-based rights assignment was selected to remedy this. In over 80 workshops at all locations, department and group managers together looked at which authorizations can be combined for which roles. Typical authorization bundles were quickly formed. The automatic assignment of these “specialist roles” eliminates the need for thousands of individual assignments.

The benefit can be measured by the number of recertification processes. Last year there were 280,000 such processes. After automated role assignment was implemented, this number dropped to just over 200,000. This corresponds to a nearly 30 % increase in efficiency.

Dieter Fromm
Union Investment
Senior Project Manager

„Making several adjustments simultaneously is always a challenge. Although we’ve been working successfully with iC Consult for years, we are thrilled with how quickly and reliably they automated the specialist role management system, completely redesigned the web frontend, and integrated the hardware and software ordering process.“

All three requirements were implemented reliably and on time by iC Consult. The new automated system for specialist role management not only relieves employees of a monotonous task, but also improves security within the company. The new web frontend is already proving to be a milestone in UX design for One Identity systems. And by combining specialist role management with hardware and software ordering, valuable resources can be used together, thus boosting efficiency and cutting costs.

Customized user interface
Looking to enable rapid implementation and ensure update capability, Union Investment had been using the standard One Identity interface. A UX design expert was brought on board to improve the user experience. She conducted various workshops directly with the users and soon encountered a classic problem. While IT developers like to present all available functions bundled, users want the opposite: clear, tidy interfaces that support them in their daily tasks.

Instead of simply doing a cosmetic overhaul, iC Consult completely separated the web frontend from One Identity. Subsequently, until the end of 2017, numerous click dummies were created in close cooperation with the UX specialist in order to design the optimal user interface for Union Investment. The objective: Ideally, each target should not be more than three clicks away from the start screen. The result already won people over during the test phase, attracting a lot of interest at the One Identity User Conference 2018 in Cologne. After all, One Identity is currently developing its own component API, which will allow users to adapt the interface to their needs. So a large crowd wanted to experience the benefits of such an adaptation live.

The number of planned training sessions also reveals how intuitive the new version is. While the launch of the first version was accompanied by 52 on-site training sessions, this launch needed only 16. In addition, users can learn the new functions independently – via webinars and videos.

Two become one
Union Investment previously used two separate systems based on One Identity – one for assigning rights, the other for ordering hardware and software. In order to make better use of possible synergies (double data storage, redundant processes), both systems were merged. Thanks to the uniform structure, existing resources can be used more efficiently. In addition, maintenance costs are reduced and security is increased.


Looking for a new job?

Join iC Consult!

Find Job



IAM for the Cloud Era


Webinar: IAM Managed Services

Watch Now

Centralized IAM for over 300,000 Identities | DB Schenker

Read Reference