About Lummus Technology
Lummus Technology is a global technology company delivering innovative solutions for the oil and gas, refining, and industrial sectors. With operations across multiple regions, Lummus supports complex enterprise environments that require secure, scalable, and efficient IT operations.
Business challenges
As Lummus Technology modernized its HR systems and IT workflows, it sought to improve how identities and access were managed across its infrastructure while transitioning to cloud-based HR systems.
Before automation, user onboarding and offboarding was a highly manual and time-consuming process. Lonnie Brown, who manages infrastructure and user accounts, maintained a dedicated team solely responsible for onboarding and offboarding users. Every new hire, role change, or exit required hands-on IT effort, from account creation to access assignment. This created a significant operational burden on the team making the process difficult to scale.
"Previously user creation was entirely manual... all the way through the birth rights and everything. It was just a long drawn out process."
While these challenges existed in day-to-day identity management, they became more pronounced during the organization's transition from PeopleSoft to Workday, as the shift to a cloud-based HR platform highlighted the limitations of existing manual processes and the need for tighter integration between HR and IT systems, requiring a reliable approach to automate user lifecycle management without compromising control over Active Directory.
"I literally had a team just for users onboarding and offboarding. The automating has alleviated a significant workload on our side."
To support continued business growth and reduce operational overhead, Lummus Technology needed a centralized, rule-driven automation solution that could seamlessly integrate with Workday, automate user onboarding, role changes, and offboarding, enforce consistent logic for role-based access, and significantly reduce reliance on manual IT processes.
The solution
"Our biggest challenge was that the data coming out of Workday didn't align with how we're using the data in AD. We had to work on developing logic and changing some of the terminology coming out of Workday to match what we use for dynamic groups and user creation."
Lummus Technology had already been using ADManager Plus for Active Directory reporting and basic management. As the organization transitioned from PeopleSoft to Workday, the IT team engaged ManageEngine’s Implementation team to extend their use of ADManager Plus and implement a high-fidelity, rule-driven identity lifecycle automation framework between Workday and Active Directory.
The solution was deployed in a hybrid environment, integrating on-premises Active Directory with Entra ID, and was designed to eliminate manual provisioning gaps, ensure attribute accuracy, and prevent lifecycle conflicts caused by Workday’s transaction behavior.
Intelligent onboarding automation
User onboarding was automated for employees and contractors using Workday as the source. ADManager Plus automatically picked up new hires scheduled to join within the next two weeks, enabling IT to create accounts and assign the required access at the right time-without provisioning too early or acting on outdated records.
A highly customized onboarding template was built with 60+ conditional rules to handle country-based logic, email and SMTP assignment, OU placement, group memberships, and contractor-specific lifecycle handling. This ensured consistent naming standards, correct access assignment, and zero manual intervention during user creation.
To support operational readiness, pre-creation notifications were sent to end users and the asset management team before the account was created, enabling seamless onboarding on day 1.
Upon successful provisioning, usernames and email addresses were written back to Workday to maintain source system accuracy and keep downstream systems such as Entra ID, Microsoft Teams, and SaaS applications in sync.
Multi-layered modification and synchronization
To address concerns around data drift between Workday and Active Directory, a three-layer modification framework was implemented. This included targeted, on-demand user sync for escalations and VIP users, a one-time full directory synchronization to validate alignment, and an ongoing delta sync that continuously captured Workday changes within the last 24 hours.
During this process, data quality gaps such as missing or duplicate employee IDs were identified and resolved using customized ADManager Plus reports. This improved overall identity data governance and increased confidence in synchronization accuracy.
Safeguarded termination and deprovisioning
Special handling was introduced to manage Workday conversion scenarios, such as contractor-to-employee or employee-to-contractor transitions, which generate multiple transactions. A customized patch-level enhancement ensured that only true termination events were processed, preventing accidental deprovisioning of valid users.
Once a legitimate termination was confirmed, a controlled deprovisioning workflow was executed across the hybrid environment. This ensured that user access was removed in a consistent, step-by-step manner, with clear records of each action taken, helping the organization meet audit requirements while avoiding gaps or inconsistencies in access removal.
Implementation and support experience
Given the complexity of aligning Workday data with Active Directory, Lummus engaged ManageEngine's Implementation team, led by Arun, to design and configure the required automation logic. Lonnie Brown emphasized that the collaboration and responsiveness during implementation were critical to the project's success.
"Arun hasn't told me no on anything. Even the challenging ones, he said, 'Let me think about it,' and came back with a solid answer."
This hands-on support enabled the team to address integration challenges efficiently and implement automation that aligned with their environment and business needs.
The outcome
By integrating ADManager Plus with Workday , Lummus Technology achieved:
- Fully automated hire-to-retire identity lifecycle management
- Reduced dependency on manual IT effort
- Improved accuracy and data governance
- Faster onboarding and cleaner deprovisioning
- Greater confidence in AD–Workday synchronization
- A scalable, future-ready IAM architecture
What began as a reporting tool evolved into a core identity orchestration platform, helping Lummus technology to modernize identity operations while maintaining control, flexibility, and long-term scalability.
"Honestly, I would use the word fantastic. The communication with Arun has been fantastic, and the product support has been fantastic."
About ADManager Plus
ADManager Plus is an identity governance and administration (IGA) solution that simplifies identity management, ensures security, and improves compliance. With ADManager Plus, manage the user life cycle from provisioning to deprovisioning, run access certification campaigns, orchestrate identity management across enterprise applications, and protect data on your enterprise platforms with regular backups. Use over 200 reports to gain valuable insights into identities and their access rights. Improve the efficiency of your IGA operations with workflows, automations, and role-based access control policies. ADManager Plus' Android and iOS applications help with on-the-go AD and Entra ID management. For more information about ADManager Plus, visit manageengine.com/products/ad-manager/.
About OnboardPro
OnboardPro is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of product installation, deployment, and use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With custom onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization, and training based on their business needs. For more information, visit manageengine.com/onboarding/manageengine-onboardpro-iam-and-siem-professional-service.html.
