User Lifecycle

Active Directory Management & Automation

User Lifecycle within IT

As a Microsoft and Softerra Partner, the 01Logix team has been helping, guiding, and training organizations with complicated implementation scenarios that require custom solutions to fit the specific needs of their IT environment.

Active Directory Management

  • Deploy a rule-based platform for Active Directory, Exchange, and Microsoft 365 automation.
  • Provide an enhanced web-based management environment.
  • Implement a role-based access control model for delegating privileges.
  • Add security with approval-based workflows, allowing enforcement of corporate data standards.

Automated Provisioning

By establishing the HR system as the single source of truth (SSOT), fully automate all user lifecycle management procedures, including provisioning, re-provisioning and deprovisioning in Active Directory and connected systems, such as Exchange, Microsoft 365 and other business systems that use Active Directory as a source.

Role-Based Delegation

Deploy a Role-Based Access Control model following the least privilege principle. Provide centralized control over permissions, which can be delegated, managed and revoked efficiently.

Single Interface for AD, Exchange, and Microsoft 365

Deploy a Web Interface that combines all Active Directory, Exchange and Microsoft 365 tasks in a single place, providing a simple and elegant management experience and eliminating the need for users to learn multiple tools and switch between them in day-to-day routines.

Approval-Based Workflow

Add approval steps to practically any operation in your Active Directory environment. Such an approach allows delegating more responsibilities to lower-level staff without losing control or adding any security risks.

Self-Password Reset

Provide a Password Self-Service portal that eliminates the problem of resetting forgotten passwords and unlocking accounts by allowing users to do it themselves after they verify their identity by answering security questions and/or providing a code received via SMS, email or a mobile app (Google Authenticator, Authy, Okta Verify and others). The service can be extended to offsite and offline use, covering users who forget their password while working from home or on business trips.

Active Directory Reports

Provide detailed reports on your Active Directory environment. In addition to the 200+ built-in reports, provide a powerful platform for creating custom reports of any complexity, with support for centralized scheduling that also allows users to schedule reports of their choice for themselves.

Key Benefits

  • Reduced Workload – Automation of everyday tasks and user lifecycle management, streamlined provisioning, a self-service portal and a web interface can together massively reduce the routine workload on the IT staff.
  • Increased Security – Significantly increased Active Directory security due to approval-based workflows, a role-based security administration model, and automated user provisioning and deprovisioning.
  • Efficient Audit and Monitoring – Comprehensive tracking and reporting enable advanced analysis and monitoring of enterprise resources, making the Active Directory environment more regulated and refined.
  • Standardized AD Environment – Enforcing corporate standards on Active Directory data minimizes human-factor mistakes and makes the management process cleaner and easier.


Adaxes Features

Active Directory management

Active Directory plays a major role in many critical processes within organisations. Effective and secure Active Directory management is becoming increasingly important and, at the same time, increasingly challenging, especially in large and complex environments. Native tools for Active Directory management are inefficient, as they provide only basic functionality and cannot be used for Active Directory automation, web-based administration, role-based security, cross-domain management, audit of changes, etc. A higher-level solution like Adaxes is needed to cope with the challenges associated with Active Directory management. Softerra Adaxes provides a number of much-needed features that make Active Directory management, maintenance and administration much simpler, more secure and more effective.

Active Directory Provisioning

User provisioning, deprovisioning, and reprovisioning can be extremely complex and difficult-to-manage processes that take a lot of time and effort. When a new employee starts, this employee needs an Active Directory account, an Exchange mailbox and a home folder, and the employee’s user account must be added to certain security groups and distribution lists, etc. When an employee leaves, the AD account of this employee must be disabled and removed from all distribution lists and security groups, the user home folder must be relocated or deleted, user accounts in various applications must be deactivated, and much more.

If Active Directory provisioning involves a series of manual activities performed by a human, user provisioning and deprovisioning can easily become extremely complex, tedious, and time-consuming tasks accompanied by various kinds of errors and faults. To eliminate these issues, all operations involved in Active Directory provisioning must be automated. Process automation reduces the administrative costs associated with user account management and becomes especially important when multiple people (Help Desk, support, administrators) are involved in Active Directory provisioning.

Active Directory Delegation

Active Directory management involves many different operations that require administrative privileges granted by default to AD administrators only. Though operations like password reset or account unlock are pretty simple, they take up a lot of the time of highly skilled IT staff, preventing them from focusing on more complex and important issues. Active Directory delegation helps you optimise the productivity of the IT department by letting non-administrative users (e.g. department managers or Help Desk operators) perform certain administrative activities in Active Directory.

Active Directory Web Interface

Today, the majority of organisations worldwide use Active Directory to manage and control the identity lifecycle of users. For administrators, help-desk operators, auditors and other users, it is crucial to have constant and secure access to Active Directory from any location, even without having physical access to AD servers. The only way to achieve this is to provide controlled web-based access to the Active Directory environment.

The need for an Active Directory Web Interface increases drastically if AD management tasks have to be delegated to non-administrative staff. Usually, this staff doesn’t have access to native AD management tools and needs a simpler, easy-to-use and intuitive solution. Fortunately, there is such a solution – Softerra Adaxes. Among other AD management facilities, Softerra Adaxes enables highly granular, controlled, and secure Active Directory Web access.

Active Directory Self-Service Password Reset

Active Directory password reset is a day-to-day routine for the help desk, and it takes a lot of time. Statistics show that IT support personnel handle password reset calls for almost 40% of their working day. For each call, the procedure includes greeting, authentication, execution of the reset, confirmation, and goodbye. Multiple surveys have been conducted on this basis, taking into account average help desk wages, the percentage of password reset calls, and time consumption. Generalizing their results, one can see that the average cost per password reset call varies from $15 to $20, which is pretty expensive. So is there a way to minimize password reset expenses without a loss in security? Adaxes allows decentralizing password reset/account unlock by providing secure Self-Service Password Reset to end-users.

Exchange Management & Automation

Exchange management is a headache. This statement is supported by countless articles, blog posts and forum topics on the Internet. Web searches yield a myriad of tips and best practices on how to streamline the process and make it less expensive. With all the vast amounts of information available, the problem is still there and desperately needs a strong and effective solution.

Why is there so much talk and fuss about Exchange management? The answer is straightforward: it is expensive because it involves a lot of manual work by skilled technicians. Consider the following. When a new employee comes in, someone needs to create and configure a new mailbox for the employee. This requires knowledge of how to pick a mailbox database, which mailbox features to enable for this particular user, which mailbox policies to assign, etc. When an employee is relocated to a different city, promoted, or transferred to another department, somebody has to move their mailbox to another database, adjust mailbox rights, change mail flow settings, etc. When an employee goes on sick leave, somebody must set the Auto-Reply message for the user, configure email forwarding, put the mailbox on retention hold, etc. When an employee leaves or retires, their mailbox must be properly deprovisioned, which is a complex task that requires multiple steps to complete.

What does all this mean? It means that somebody has to learn and consistently follow a rigorous set of guidelines and policies for Exchange management. Not only is it ineffective and a huge waste of human resources, it also leaves too much room for human error – the root cause of downtime and out-of-compliance issues.

Office 365 Automation & Management

To be more agile, cost-effective and responsive to their business needs, organisations of all sizes are steadily marching towards either being in Office 365 or getting there. However, apart from all the advantages and features it provides, Office 365 brings increased complexity and additional challenges to the business processes related to management of user identities and access. Office 365 management becomes yet another challenge to overcome and adds even more tasks to an already full plate of things to do. One of the major problems that emerge is how to get users into the organisation’s Office 365 tenant and how to grant specific users access to the Office 365 services they need to carry out their specific duties.

The most essential step towards the much-desired cost efficiency and operational agility is to automate Office 365 management tasks wherever and whenever possible. Adaxes delivers the missing layer of automation and policy enforcement needed to sustain the compliance and efficiency goals.

Scheduled Tasks

Active Directory management involves a lot of activities that must be performed on a regular basis. Very often such activities must be carried out during off hours and require a long time to complete. Here is a list of typical routine actions that usually need to be performed periodically:

  • send e-mail notifications to users whose passwords are about to expire,
  • notify managers about soon-to-expire accounts of their subordinates,
  • delete inactive user and computer accounts from Active Directory,
  • add users to groups based on predefined rules,
  • move users across OUs if certain conditions are met,
  • synchronize Active Directory with external data sources,
  • update properties of Active Directory objects using modification templates, etc.

With Adaxes you can quickly and easily automate such tasks, and you don’t need to be a software developer to do this!

Custom Commands

Day-to-day Active Directory management involves many routine and recurring tasks that often require multiple steps to complete. For example, every time an employee is assigned to a new project, goes on vacation, or departs on sick leave, a number of actions must be carried out in accordance with appropriate procedures and company policies. Such actions may include updating account options, modifying group membership, changing email forwarding settings, sending e-mail notifications, etc. Not only is the manual performance of all these operations error-prone and time-consuming, it also requires that the person in charge knows and follows all proper policies and procedures.

Active Directory Automation

From day to day, Active Directory administrators and other staff involved in Active Directory management have to spend tons of time performing routine tasks related to user provisioning, management, and deprovisioning, group membership maintenance, security administration, etc. The use of native tools is ineffective and time-consuming at best, as they offer no opportunities for standardization of the process and are completely inefficient when it comes to Active Directory automation.

Active Directory Role-Based Security

Successful Active Directory management requires distribution of administrative responsibilities among multiple users (like Help Desk operators or department managers) according to their operational and administrative role in the organisation. Delegation of administration rights makes management much easier and more efficient, but may pose a number of security risks if not implemented properly. The native means for Active Directory delegation introduce a number of challenges and are often ineffective for the following reasons:

  • The process involves modification and maintenance of multiple Access Control Lists (ACLs) across many objects in Active Directory, which is very error-prone and often results in users either not having access they need or having elevated administrative privileges they don’t need.
  • There is no central place to store and manage permissions, and, as a result, it is rather challenging to control who has what privileges and why.
  • Permissions can be applied either at the domain or OU levels only. This significantly complicates the delegation process, because the Active Directory OU structure is often designed for effective application of Group Policy Objects, rather than for delegation of security rights.