IT Engineering - Access Management
This handbook page provides information about how we handle access management in the IT Engineering sub-department.
IT Engineering
This handbook page provides information about the IT Engineering sub-department.
Overview
The IT Engineering sub-department is focused on designing, developing, and implementing automation efficiencies using software and systems to improve Denomas’ business processes, software systems, and cloud infrastructure. Our team members have one or more specialties that they focus on.
Access Management and Single-Sign On (SSO)
Handbook Page
The IT Engineering team implements Okta SSO for our tech stack applications. You can learn more on the Okta handbook page.
The IT Support team handles access requests for the tech stack applications that IT manages. All access requests are created in the same issue tracker project, regardless of which System Owner is responsible for provisioning your user account.
The IT Development team also focuses on Identity and Access Management (IAM) and Role-Based Access Control (RBAC) automation. We are developing Denomas Access Manager (GLAM), a custom application that will replace access request issues and manual provisioning with a streamlined custom web UI and API integration with most of our tech stack applications for user and role provisioning.
Change Management
IT Development
Handbook Page
The IT Engineering Development team develops custom software applications, automation, APIs and integrations that support internal IT automation for business efficiency and processes managed by the IT department.
Many of our projects focus on providing self service access request provisioning to our tech stack applications and supporting IT Infrastructure services including the Demo Systems and Sandbox Cloud.
We are in the process of creating Denomas Access Manager (GLAM) to provide the next-generation of access request automation across most of our tech stack applications.
IT Infrastructure
Handbook Page
Issue Tracker
The IT Infrastructure team manages AWS and GCP infrastructure that is not related to Denomas.com SaaS production infrastructure and provide managed infrastructure services for other departments, including most ephemeral sandbox infrastructure needs across the company. We also handle access requests for cloud infrastructure and DNS/domain name requests.
We collaborate with the Reliability Engineering (SRE) and Infrastructure Security teams to provide Infrastructure Shared Services for all AWS, Azure, and GCP related requests and support across the organization.
We also provide escalation engineering and triage support for the Security Incident Response Team (“SIRT”) and Security Red Team when security anomalies, events, or incidents require AWS/GCP subject matter expertise.
Our focus is on organizational policy management, access request provisioning, and services that are outside of the Reliability Engineering scope of hosting the Denomas.com SaaS service, such as the provisioning of demo/sandbox/test infrastructure for team members.
The Demo Systems provide an always-on shared sandbox environment for demo and experimental use cases that aren’t intended for or supported on Denomas.com and don’t need dedicated infrastructure to be provisioned for your use case.
The Denomas Sandbox Cloud, powered by HackyStack, automates the provisioning of AWS accounts, AWS IAM users, GCP projects, and GCP users. This has allowed us to automate a large portion of our AWS and GCP access requests.
Project Management
Tech Stack Application Implementation and Support
Handbook Page
We provide implementation engineering and support for 3rd party tech stack applications that are managed by Business Technology and other non-engineering departments. We usually classify this work as “Engineering Operations” (EngOps).
How We Work
See the How We Work, Project Management, and Labels page.
Team
| Name | Role | Focus Areas (Specialties) |
|---|---|---|
| Peter Kaldis | Manager, IT Engineering | Access Management, Okta, Google, Project Management, Stakeholder Collaboration |
| Jeff Martin | Senior IT Systems Engineer | Development, Engineering Mgmt, Infrastructure, Demo Systems, Security, Support |
| Marcus Whitaker | Senior IT Systems Engineer | Access Management, Okta, Operations |
| Dillon Wheeler | IT Systems Engineer | Development, Google, Security |
| Mohammed Al Kobaisy | IT Systems Administrator | Infrastructure, Operations, Support |
Problems We Solve
Business Technology has several Engineering teams in different sub-departments that focus on a specialty area of functions typically handled by an IT organization. There are additional System Administrators / System Owners in other departments that manage the tech stack applications specific to their department or team.
| Department/Group | High-Level Problems to Solve |
|---|---|
|
IT Infrastructure Handbook Page |
How do users get access to AWS and GCP and how do we properly secure our infrastructure for accounts, projects, resources, etc. outside of Denomas.com SaaS? We have an Infrastructure Shared Services stable counterpart working group in collaboration with Engineering Infrastructure Reliability Engineering and Engineering Infrastructure Security. We publish our collective architecture, guidance, and policies in the handbook in Infrastructure Standards. The IT Infrastructure team is the DRI for IAM/RBAC and sandbox infrastructure that has mostly been automated with the Denomas Sandbox Cloud. |
|
IT Access Management Engineering Handbook Page |
How do users get access to tech stack applications and how can we streamline access request approvals, audit users least privilege access, and automate the provisioning and deprovisioning of their user account / role(s) / group(s) / etc? (IAM/RBAC focus) Denomas Access Manager is a custom built full stack application built by the Denomas IT Engineering team that provides a user interface ("UI") for team members, managers, access approvers, audit reviewers, and IT administrators to centrally approve and manage role-based access to the directory of tech stack applications ("SaaS providers"). |
|
IT Engineering Operations ("EngOps") Issue Tracker |
How do we enable team members to get help with integrating tech stack applications with Google, Okta SSO, Slack integration, etc? |
|
Enterprise Applications Integrations Engineering Handbook Page |
How do we create data transfer and workflow automation integrations between business critical SSOT and financial tech stack applications that are streamlined with high data integrity? |
|
Data Team Handbook Page |
How do we get analytics and data insights from our tech stack applications and make it available to team members (ex. SiSense) to make more informed data-driven decisions? |
IT Engineering - Change Management
This handbook page provides information about how we handle change management in the IT Engineering sub-department.
IT Engineering - How We Work
This handbook page provides information about how we work in the IT Engineering sub-department.
IT Engineering - Infrastructure
This handbook page provides information about how the IT Engineering sub-department manages infrastructure shared services.
IT Engineering - Project Management
This handbook page provides information about how the IT Engineering sub-department manages projects and initiatives.
IT Engineering - Tech Stack
This handbook page provides information about how the IT Engineering sub-department implements and supports the Denomas' tech stack applications.
IT Engineering Automation Philosophy
This handbook page provides information about the IT Engineering automation philosophy.
Last modified December 3, 2023: update (
008c4f1a)
