Zero-Touch automation – Oracle Fusion ERP roles provisioning
- Customer
- Saudi Mining Company (Ma'aden)
- Project manager on the customer side
-
- IT Provider
- TRPGLOBAL
- Year of project completion
- 2025
- Project timeline
- September, 2024 - October, 2025
- Project scope
- 10000 automated workstations
- Goals
-
Challenges:
- Manual Role Assignment Inefficiencies
- Audit and Compliance Risks
- External Auditors declared that excessive elevated access and unable to rely the system for Financial Audit
- New employee waits for 5 days to get access to the system
- Lack of Real-Time Monitoring
- Segregation of Duties (SoD) Violations
- Fragmented Governance and Ownership
- Technology Gaps
Goals:- No manual intervention in Joiner, Movers, Leavers, and additional roles provisoning
- Improved governance, security, and operational efficiency in ERP systems.
- Integrates Oracle Risk Management Cloud, iAccess App, and Oracle Fusion cloud ERP
- Redesign 1000+ roles with automated provisioning and segregation-of-duties checks.
- Project Results
-
1. Business Impact
- Reduced onboarding delays, eliminated manual provisioning, and saved over 50 hours/month in access management tasks.
- The automation has significantly lowered compliance costs and improved audit response times.
- No super-user access is granted to business users—ensuring security without compromising agility.
- Preventive SoD checks are embedded in the workflow, with elevated access restricted to IT and consultants only.
- Audit trails are logged in Oracle RMC, enabling continuous self-audit and compliance monitoring.
- 99.86% Cycle-time reduction - from 5 days to 10 minutes
- 21,000 manhours Saved annually
- USD 2M+ annual saving in software licensing subscription
- Zero elevated access granted to business users
- 90% reduction in Segregation of duties conflicts
The uniqueness of the project
- Co-innovation and no such solution exists in Oracle ERP or with any organization. Its a new innovation that works with all ERP Applications (Oracle, SAP, ...)
- 99.86% Cycle-time reduction - from 5 days to 10 minutes
- 21,000 manhours Saved annually
- USD 2M+ annual saving in software licensing subscription
- Zero elevated access granted to business users
- 90% reduction in Segregation of duties conflicts
- Auto-provisioning based on personas saves over 50 hours monthly in management tasks.
- Preventive SoD checks and restricted elevated access strengthen compliance and security.
- Reduced errors, faster onboarding, and role scalability drive digital transformation
- Promote and Market the solution to all Oracle Fusion ERP customers
Pay-back period less than 3 months
- Used software
- Newly developed iAccess solution using Oracle Apex and GenAI
- Difficulty of implementation
-
- Define the user personas
- Integrate with Oracle RMC and Oracle Fusion
- 1000+ Oracle roles clean-up with 1.4M changes to Data security policies
- Dynamic selection of user Business group to auto-assign the data security
- Project Description
-
1. Strategic Importance
- This initiative directly supports Maaden’s IT Governance and Risk Management goals by enforcing least-privilege access and eliminating Segregation of Duties violations.
- It aligns with our broader digital transformation strategy, integrating Oracle Fusion ERP, Risk Management Cloud.
- Developed a custom OCI-based iAccess App embedded in Oracle Fusion to automate role provisioning.
- Over 700 roles were analyzed, 350 deep-dived, and 50 new roles created to minimize SoD conflicts.
- The system dynamically assigns roles based on business unit logic and persona mapping—zero-touch, real-time, and audit-ready.
3. Stakeholder Engagement- We conducted workshops with AMS, Procurement, and ICT teams to validate and clean up roles.
- Business stakeholders signed off on redesigned roles with no impact on onboarding activities.
- The automation logic is extendable to other platforms like SAP.
- We’ve established managed services and BAU support for ongoing governance and persona updates.
- Project geography
- Saudi Arabia, Middle East
- Additional presentations:
- Zero-Touch Automation - Oracle roles provisoning - success story - v1.0.pdf