Efficiency through Identity Management for Palacký University in Olomouc

The aim was to provide a single central record of user accounts and permissions in the heterogeneous environment of upol. AC identity product fulfilled the requirement for an efficient and automated identity management process.

Realization 2019

aricoma avatar

Customer profile

Palacký University in Olomouc (Universitas Palackiana Olomucensis) was founded in 1573 and with its almost 450 years of tradition it is the second oldest university in the Czech lands after Charles University, and the oldest in Moravia. At present, UPOL consists of eight faculties and has more than 22,000 students.

Baseline and project objectives

Palacký University in Olomouc was faced with the problem of decentralized access to manage more than 30,000 user identities of employees, freelancers and students. These identities were managed manually in the internal LDAP, as well as in AD and OpenLDAP and in individual systems of the university.

In order for the University to operate more efficiently, new technologies needed to be applied to automate the management of these identities. docílit tak automatizace správy těchto identit.


  • Establishment of a central and automated management of access permissions
  • Unification and increased transparency of processes
  • Increased availability of data for auditing and increased traceability of changes made
  • Centralised identity management guarantees higher productivity


To meet the requirement for an efficient and automated user identity management process, the AC Identity product was implemented. The implementation of the product resulted in the creation of a single central record of user accounts and permissions across three directory services and other major systems.

Data sources for IDM on organizational structure, employees, students and external staff are SAP HR (for employee information), STAG (for student information) and external staff databases. Due to the multiple input systems, advanced logic was implemented to import the source data. IDM manages all identities in the connected systems and all directory services. AD as a system that enables user authentication is a key part of the organization. Once IDM is implemented, AD is the target system, along with LDAP and OpenLDAP. As part of the development of IDM, integration has been extended to other ADs within the university and faculty organisation.
Currently, IDM manages users in other key systems of the University such as MS Exchange, Sendmail, Internal Rules, GSuite, INIS, User Portal, SAP, DYNAS, KREDIT and the ID card system.

Beyond the standard identity management processes, other advanced features have been implemented such as automated role assignment based on advanced rules, notifications, requests and their approval within and multi-stage approval workflow, web interface not only for password reset, auditing and reporting.

Used technologies

  • AC Identity


Are you interested in more information or an offer for your specific situation?

By submitting the form, I declare that I have familiarized myself with the information on the processing of personal data in ARICOMA.