Client Overview
The organisation is a facilities management company operating across the GCC, providing cleaning, maintenance, and soft-services to commercial real estate clients, hospitals, and government buildings. The company employs around 3,200 full-time staff and manages a rotating pool of around 800 contractors at any given time. Managing identity and access for a workforce that moves frequently between client sites and includes a significant contractor population had been a persistent operational and security challenge.
The Challenge
The company's workforce model — with staff regularly transferred between client sites and contractors rotating in and out over short engagements — meant that access management required constant updates. In practice, account management was handled at the site level by local supervisors who submitted requests to a central IT team. The process was slow and inconsistent: staff transferred to a new site often waited several days for access to the new site's management systems, while contractors who had finished their engagements frequently retained system access beyond the end of their contract. A client audit of one of the company's hospital contracts identified that three former contractors had active accounts on the hospital's facilities management reporting system — a finding that put the contract renewal at risk.
“A client finding active accounts for contractors who finished six months earlier nearly cost us a contract renewal. With a workforce that moves around as much as ours does, we needed access management that could keep up.”
— Head of Technology and Compliance
The Solution
eMudhra deployed SecurePass to manage identity and access for both permanent staff and contractors, with separate lifecycle workflows for each population. For permanent staff, integration with the HR system automated access provisioning on joining and site transfer and triggered deactivation on exit. For contractors, a lightweight onboarding portal was set up allowing site managers to register contractors and set a defined access end date — with automatic account deactivation when the end date was reached, regardless of whether the site manager submitted a manual request. MFA using SMS OTP was enforced for all system logins, suited to the company's mobile and site-based workforce. SSO was configured for the facilities management platform, time and attendance system, and client reporting portal, covering the main applications used across all sites.
Results
The contractor access gap identified in the hospital client audit was remediated, and the contract was renewed. Contractor account deactivation is now automatic at end-of-engagement across all client sites. The company's client audit score for access management improved in the subsequent review cycle.
| Metric | Before | After |
| --- | --- | --- |
| Contractor account lifecycle | Manual; accounts persisting past end of contract | Automatic deactivation at defined end date |
| Client audit finding | Active accounts for 3 former contractors — contract risk | Finding remediated; contract renewed |
| Staff transfer access delay | Days waiting for access at new site | Same-day via automated site transfer workflow |
| MFA coverage | Not enforced for site workforce | SMS OTP across all system logins |
| Client audit access management score | Finding raised | Improved in subsequent review cycle |