SlideShare une entreprise Scribd logo

Active directoryaccountprovisioningwp

wardell henley
wardell henley
TechnologieBusiness
1  sur  14
Télécharger pour lire hors ligne
Active Directory Account Provisioning A lower cost and faster alternative to Identity Management Contents June 1, 2004 Introduction: ..........................3 With 29% of total annual IT time spent updating user account User Account Creation Today3 information , organizations are struggling to find an economical Account Changes 4 solution to reduce the expense and resources required to manage the user account lifecycle.1 Active Directory account Account Expirations 5 provisioning takes advantage of the fact that the majority of Multiple Data Stores 5 account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to Identity Management.............6 value. Dream BigStart Small 8 This white paper explains how organizations can use the NetIQ Active Directory account provisioning solution to extend Active Leveraging Your Active Directory and address the majority of their user account lifecycle Directory Investment .............9 needs. It explains how an organization can combine the NetIQ off-the-shelf products to address key account management The NetIQ Solution ..............10 issues, while laying the ground work for a complete user account lifecycle management solution. This flexible approach allows Customer examples..............12 organizations to implement Active Directory account Conclusion ............................13 provisioning in steps, as they have budget, and provides immediate ROI on account management projects. Besides reviewing the information in this paper, NetIQ encourages you to visit our web site at www.netiq.com for more details.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. © 1995-2004 NetIQ Corporation, all rights reserved. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. Check Point, FireWall-1, and Provider-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd. ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveKnowledge, ActiveReporting, ADcheck, AppAnalyzer, Application Scanner, AppManager, AuditTrack, AutoSync, Chariot, ClusterTrends, CommerceTrends, Configuration Assessor, ConfigurationManager, the cube logo design, DBTrends, DiagnosticManager, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, End2End, Exchange Administrator, Exchange Migrator, Extended Management Pack, FastTrends, File Security Administrator, Firewall Appliance Analyzer, Firewall Reporting Center, Firewall Suite, Ganymede, the Ganymede logo, Ganymede Software, Group Policy Administrator, Intergreat, Knowledge Scripts, Migrate.Monitor.Manage, Mission Critical Software, Mission Critical Software for E- Business, the Mission Critical Software logo, MP3check, NetIQ, the NetIQ logo, the NetIQ Partner Network design, NetWare Migrator, OnePoint, the OnePoint logo, Operations Manager, PentaSafe, PSAudit, PSDetect, PSPasswordManager, PSSecure, Qcheck, RecoveryManager, Security Analyzer, Security Manager, Server Consolidator, SQLcheck, VigilEnt, Visitor Mean Business, Vivinet, W logo, WebTrends, WebTrends Analysis Suite, WebTrends for Content Management Systems, WebTrends Intelligence Suite, WebTrends Live, WebTrends Log Analyzer, WebTrends Network, WebTrends OLAP Manager, WebTrends Report Designer, WebTrends Reporting Center, WebTrends Warehouse, Work Smarter, WWWorld, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies. Active Directory Account Provisioning 2
Introduction: Remember thirty years ago, when Human Resources was called Personnel and the human resource data store was a dark file room filled with gray metal file cabinets? In those days, if an organization was computerized, it had a single information system running a small number of applications. When new people joined the organization, Personnel created a new file folder and added it to the appropriate file cabinet. If the new employee needed regular access to the information system, the information systems manager would create an account and logon for the specified application. If the new employee only needed occasional access, he might share a “guest” account with the rest of the organization. Back then, the process to create user accounts and logons was usually a manual one, with paper forms and approvals. Since the systems administrators were the ones creating accounts, as well as doing all the other administrative tasks, it might take a week or so for the new account to be created. It was also relatively simple to keep track of who had access to which applications, since the number of applications was limited and few people had access to them. User Account Creation Today These days, most employees will have access to several systems and applications, each with its own account and logon information. To put the problem in perspective, according to Computerworld, in 1995 IT departments supported an average of 25 applications per user and by 2001 that number had grown to 100 – 200.2 META research shows that organizations with revenues over $500 million typically have more than 75 applications, databases, and systems that require authentication.3 The amount of work to create all the necessary accounts on these different systems has grown exponentially. Even with today’s more advanced processes and systems, new employees still have to wait to get access to the systems they need. In a recent study by Stanford and Hong Kong universities of 200 Global 2000 companies, 48% of companies reported taking more than two days to provide a new hire with access to all the systems they need, and 10% reported taking more than two weeks.4 With many employees’ jobs directly related to interfacing with computer systems, delays in setting up new user accounts costs organizations directly in lost productivity and employee downtime. Even though new account creation can involve critical areas like enterprise security and touches many different systems and applications, new user account requests are frequently done in an informal manner. They are submitted manually on outdated forms, sent on paper through interoffice mail, phoned into the help desk, mentioned off- handedly in passing, or emailed to various locations for approvals and authorizations, all before even entering the IT work queue. This ad hoc approvals and notification process frequently slows down the new account creation and causes many of the delays reported in research. This type of distributed process can create security issues since there is no central authority overseeing which systems new accounts are being granted access to. With multiple people setting up new accounts, policies and naming conventions are also difficult to enforce. Active Directory Account Provisioning 3
Account Changes As if new account creations were not enough to worry about, employee data is always changing. Employees change cell phone numbers, addresses, last names, titles, extensions, and office numbers. They can also change departments, organizational levels, business units, and locations. All of these changes need to be reflected in the user account information, but some of these changes also impact access to systems and applications. For example, an employee moving from New York to Boston will need accounts on the Boston mail server, but may no longer need access to the New York file server. In the case of promotions, employees who may have only had read access to certain data may now need the ability to make modifications, or may now need access to additional data. Figuring out the system ramifications of each of the changes is time consuming and difficult. Frequently IT organizations identify and enable access to the key systems involved in a change, like email, but wait for the affected employee to make access requests for the other systems. Unfortunately, this reactive approach increases downtime and can negatively affect employee productivity. Keeping track of these changes so that all users have the access they need, and only the access they need, is an-going challenge for many IT organizations. Figure 1. Efficiently managing the user account lifecycle can reduce help desk calls and account administration costs, while improving user productivity and security. Active Directory Account Provisioning 4
Account Expirations As forward thinking IT managers frequently point out, at some point every employee leaves the organization. When employees leave, all of their access points need to be identified and disabled to prevent possible security problems. Every second an account is not deactivated, creates a window hackers and disgruntled ex-employees can use to gain unauthorized access to your systems. Even though most IT managers recognize this threat, according to the Stanford Hong Kong study 43% of companies surveyed take more than two days to disable user access and 15% take more than two weeks.5 Two weeks is an enormous amount of time to leave your system vulnerable. Even more concerning is the fact many organizations do not disable all the accounts associated with a user. In fact, according to IDC expired user accounts make up approximately 60% of all accounts in corporate systems6. The difficulty of keeping track of what each employee has access to, is likely the culprit of these expired user accounts. But regardless of the reason, expired user accounts present a serious security concern. From an economic standpoint, expired user accounts are also expensive. Many software applications charge license fees based on the number of user accounts in an environment, but are unable to distinguish between active and inactive accounts. In addition, inactive accounts are expensive to manage as they increase the time required to perform any account management activity. The clear drivers that are pushing organizations to address the user account management problem are identifying and disabling expired user accounts and removing the associated security vulnerabilities and administrative expenses. Multiple Data Stores Adding yet another layer of complexity on the issue of user account management is the fact that organizations have multiple data stores. META Group research shows that organizations with revenues greater than $500 million typically have around 68 internal and 12 external data stores. META also shows that 75% of internal users are contained in multiple data stores.7 This means that when you need to make a change an employee’s information or access rights, you have to make that change in multiple places. Coordinating and managing changes across multiple data stores is expensive. Every time an employee changes departments or a new employee is added, an IT resource has to manually enter redundant data in approximately four different applications or systems—8 assuming the IT resource has access to all the different data stores. Frequently these data repositories are independently owned, managed by different departments or business units and updates have to be coordinated manually or over e-mail. Active Directory Account Provisioning 5
It is easy to see how the time and expense can accumulate even when making the simplest changes. In addition, making changes in different places also increases the likelihood of inaccuracies and inconsistencies across the data. With employees having account data in multiple locations, it becomes very likely that a change is made in one data repository and not in another, which leads to problems of data accuracy and consistency. According to META, 11% of employees will experience a user access rights issue and 7% an incorrect personal information issue each month9. Unfortunately it is frequently the over burdened IT organization that has to identify and correct all these issues. The daily flow of user account changes is overwhelming many IT organizations. Industry estimates put 29% of total IT time spent modifying user account information annually10. In an effort to cope with the increasing administrative demands of managing user account changes, many IT organizations have pushed account maintenance off to lower level administrators and help desk personnel. No matter who does the actual account creation, the process itself is time-consuming and repetitive. Data has to be gathered from multiple sources, entered multiple times in varying formats into different access directories, and a rote set of tasks has to be performed. Multiple data stores increase the difficulty of figuring out who has access to which resource. There is no obvious way to associate one person with all of their access accounts in a multiple data store environment. Organizations may not be aware of many potential security concerns, like a sales rep who used to be in accounting and still has access to the billing system. With privacy regulations introduced with HIPPA, it has become essential for many organizations to know exactly who has access to which data, at all time. Multiple data stores also increase the probability that when an employee leaves the organization that some of the access points associated with that employee will not be identified and disabled. As mentioned earlier, these orphan accounts present a real security threat. Identity Management Identity management solutions are frequently proposed as a solution to the escalating demands of account provisioning. The attraction of these solutions is they offer integrated management of user identities, which facilitates seamless interaction between individuals and the machines essential to eBusiness11. These solutions, however, manage more than the lifecycle of user accounts. Identity management solutions verify the credentials and manage the access rights of employees, business partners, suppliers, contractors, and customers. They can extend across all electronic resources in an organization and can identify who is accessing what, where they are located, what group they belong to, what applications and operations systems they can use, and once in them, what they are allowed to see and do. Active Directory Account Provisioning 6
Identity management solutions, though extremely powerful, are also expensive and difficult to implement. These solutions involve multiple systems, on disparate platforms, with complex authentication and security protocols. Since they link identity attributes, policies, and preferences not only behind a corporate firewall but also over the Web, they require the input and consensus from many different groups, both inside and outside of the organization, to be successful. Organizations launching an identity management solution have to address issues like integrating disparate business processes, regulatory restrictions on personal data, and agreeing upon unsettled standards. Gartner notes that identity management is a multiyear project, and that not all projects will achieve ROI in less than a year. They contend that understanding the current workflows and the data architecture needed for identity management increases the complexity of these projects and can make them seem overwhelming to many organizations12. Figure 2. Identity management solutions manage identities and access to systems and extend beyond the organizational firewall. For organizations with extended e-business relationships with partners, suppliers, contractors, and customers, where verifying the person is exactly who they say they are, and granting access to specific systems based on the verified identities, identity management solutions are critical and can offer incredible economic benefits. Gartner estimates that a company with 10,000 employees can save $3.5 million over three years, and see 295% return on their investment.13 Smaller organizations, and organizations that do not extensively share electronic systems with partners, suppliers, or customers, though, often find it difficult to justify the time and upfront expense associated with identity management solutions. These organizations are still required to support an increasing number of applications and experience much of the same pain of user account management. They are looking for a less expensive, less complex, easier to implement, and quicker time to value solution that addresses their immediate needs and allows them, once they have those under control, to expand to the other systems in the enterprise. Active Directory Account Provisioning 7
Dream Big, Start Small Rather than trying to do everything all at once, many organizations are working on smaller projects that they can eventually unite into a larger identity management solution. This approach reduces the upfront costs and allows organizations to add features and capabilities as they have budget, while reaping immediate benefits from the parts they implement. Figure 3. The more systems involved in a solution the more complex the project becomes and the longer the time to value. The preponderance of Active Directory accounts provides a high value area where substantial returns can be realized in a fraction of the time and expense of a complete identity management solution. For organizations interested in pursuing this type of strategy there are a few tried and true approaches to ensure success14. • Prioritize: Identify the functions and capabilities that will have the most immediate impact on your business and, if possible, start with those. By hitting high value items first, you are ensuring a faster return on your investment. • Work in phases: Even with the priorities, divide them into smaller projects. Smaller, finite phases are easier to plan and implement, and less likely to suffer from project scope “creep”. You can use the ROI from the completed phases to justify the subsequent phases. • Develop a long-term vision: Once you have identified priorities, organize them into an overall vision. The long-term vision will provide a context for understanding how the smaller projects interrelate and provide a framework for making project decisions. • Use standards based infrastructures: If you conform to industry standards then it is easier to build on your solutions in the future, and you are less likely to run into incompatibilities and obsolescence issues. Also, standards make it easier for business partners outside your environment to work with what you develop. Active Directory Account Provisioning 8
Leveraging Your Active Directory Investment User account lifecycle management is easy to break into smaller projects that can be prioritized and deployed in phases. With the right long-term plan, an organization can divide their user account lifecycle management project into small quantifiable objectives, such as reducing the time required to create new accounts or reducing the time required to identify and disable inactive accounts. Though small, such objectives can deliver an immediate ROI. The first step to solving user account management is consolidating user account information into a central data repository that you can manage with a consistent set of access methods and policies. The good news is that with the predominance of the Windows networking infrastructure, most organizations already have a central data store implemented in their environment—Active Directory. Active Directory is a directory service based upon the Lightweight Directory Access Protocol (LDAP), which stores user information and access rights. Using widely understood standards, Active Directory supports Windows security and authentication protocols, which makes it easy to build interoperable solutions on Active Directory is an ideal user account information repository with over 300 attributes that combine uniquely to build a user account. Active Directory also supports schema extensions, which add an incredible amount of power and flexibility to the type of solutions you can define. Since Active Directory is already installed, and uniquely equipped to handle user account and access data, it is an ideal cornerstone for a quick time to value user account lifecycle management solution. From an IT manager’s perspective, it is also completely within the control of the IT department, which eliminates much of the complexity associated with cross-functional Identity Management projects. Active Directory Account Provisioning Solutions Active Directory account provisioning is basic identity management for Active Directory user accounts. Active Directory account provisioning takes advantage of the fact that the majority of account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to value. Active Directory account provisioning uses the reach of Active Directory to introduce a structured environment for user account administration, and to coordinate account management and related security policies across the enterprise. As a result, Active Directory becomes the centralized data repository for managing user account information and access rights to IT resources and assets. Active Directory Account Provisioning 9
To create an Active Directory account provisioning solution, organizations are faced with the decision of whether to build or buy. If they build it, cobbling together the tools provided with Active Directory and linking them to different process with scripts or code, they can get exactly what they need. This approach, though, is rather risky since scripts and custom code are difficult to maintain Active Directory Account and suffer from compatibility and Provisioning Enables interoperability issues. In addition, custom Organizations to : projects like this can be costly and difficult to manage Implement self-service solutions for password resets, Exchange Another option is to purchase off-the-shelf distribution lists, and white pages tools. The difficulty with this approach is information finding exactly what is needed, especially Implement HR driven user account since every organization manages account udpates creation, modifications, and deletions Incorporate workflows and approvals differently. Given the scope of user account into account updates management, it is unlikely there is one Coordinate Exchange mailboxes solution that will do everything required. administration with user account Trying to build a unified solution using administration unrelated tools is also a challenge. Even Automate home share and disk tools based on industry standards frequently quotas with account creations run into incompatibility issues that can threaten the success of the entire project. The NetIQ Active Directory Account Provisioning Solution NetIQ, a leader in security management, offers an Active Directory account provisioning solution that allows organizations to meet their immediate Active Directory account management needs with point of pain solutions, while at the same time lay the groundwork for future user account lifecycle management solutions. NetIQ provides off- the-shelf products to address key account management issues that can also be easily combined together to build more complete account lifecycle management solutions. The NetIQ approach allows organizations to implement Active Directory account provisioning in steps, as they have budget. Active Directory Account Provisioning 10
Out-of-the box, NetIQ’s products automate and streamline many user account administration tasks, such as creating a home share at the same time a new user account is created. They further reduce IT administrative workload by providing a secure method to distribute user account administration tasks across the organization. These products also support a wide spectrum of open, extensible standards including Active Directory Service Interfaces (ADSI) and Windows Terminal Server (WTS). One of the features that sets NetIQ products apart from other user account management solutions is the seamless integration of policy enforcement with directory updates. NetIQ products make it easy to define and enforce policies and conventions that ensure the integrity, consistency, and completeness of Active Directory data. These products also provide comprehensive auditing and reporting. They log all administrative actions and create an easy-to-follow audit trail. From these logs, customers can track administrative actions over time to establish correlations, create performance metrics, and enable ROI analysis. Figure 4. NetIQ Active Directory account provisioning allows organizations to automate multi-step business workflows while enforcing security policies. NetIQ products include easy-to-use automation capabilities that simplify complex multi- step business workflows. Leveraging NetIQ automation, organizations can update Active Directory automatically using HR data to grant access rights to new employees and move home directories automatically when an employee’s site location changes. Automating work flows reduces mistakes and ensures that all steps are completed. It also reduces the time and resources required to make user account changes. NetIQ products can also be used to extend beyond Active Directory to other applications and databases to further streamline account management tasks. NetIQ’s Active Directory account provisioning allows organizations to tailor a solution to meet specific business needs. The product installs quickly. Within hours, organizations can implement account management solutions that can have an immediate effect on their bottom line, such as self-service password reset. Organizations can integrate their HR data with Active Directory so that as they add a user account in the HR system, the Active Directory account, home share, disk quota, Exchange mailbox, and group memberships are all created automatically. In addition to the products being quick to install and featuring a quick time to value, organizations only pay for what they need when they are ready to use it. Active Directory Account Provisioning 11
Customer examples of NetIQ Active Directory Account Provisioning Solutions NetIQ customers have implemented a wide range of Active Directory account provisioning solutions. From simple self-service password resets to full HR integration, customers have used NetIQ products to solve their user account administration problems. Customers have implemented a combination of the following strategies: • Delegate – empower help desk personnel and non-system administrators to do the manual account management tasks in a secure and controlled environment. Delegation moves the function closer to the end user, improving response time and customer satisfaction, while reducing IT’s involvement in routine administrative tasks. • End user self-service – allow end users to directly interact with selected elements of their account data. Implementing self-service makes end users responsible for keeping specific data current, such as phone numbers and addresses. • Automation – have systems perform as many account management tasks as possible. Automation not only increases productivity but it also ensures consistent application of policies. Below are some user account lifecycle issues organizations identified and resolved using NetIQ solutions. IT resources overwhelmed IT resources at a financial institution were overwhelmed with simple account management tasks and were not able to focus on more strategic IT projects. The NetIQ solution implemented secure delegation, which allowed this organization to safely distribute account administration to departmental administrators and help desk personnel, freeing up 80% of IT resources for higher value IT projects. Account updates taking too long The turn around time for account updates and account additions at a large insurance institution was over a week and was costing the organization in lost productivity. The NetIQ solution combined self-service and automation to create an automated web form for account updates and account additions that allowed employees and their managers with appropriate access, to directly update Active Directory information. The updates were instantaneous, which eliminated downtime. They were also subject to organization naming conventions and policies, which protected the consistency of the Active Directory information, and were able to be safely performed by non-IT resources, which freed up IT resources for other projects. Active Directory Account Provisioning 12
Security concerns An oil company with offices distributed around the world was concerned about security issues caused by orphaned user accounts and needed to meet stricter auditing requirements. The NetIQ solution automated network auditing and enabled the organization to quickly identify hundreds of orphaned accounts across their entire network and disable them. The detailed logging and reporting allowed the company to meet their audit requirements. Account updates too expensive A pharmaceutical company needed to reduce the cost of maintaining user account information and improve the turn around time for changes. The NetIQ solution reduced the account maintenance turnaround time and expense by automating Active Directory account updates from the HR database. Every night, the process collected all the new employees in the HR database and created Active Directory accounts with home directories, Exchange mailboxes, and even basic group memberships, allowing new employees to be immediately productive. It also collected selected employee updates, such as department and telephone, and made those changes to the Active Directory accounts. For employees marked terminated in the HR database, the solution disabled all access accounts, preventing possible security threats. Conclusion User account lifecycle management is an expensive and time-consuming undertaking. It can absorb all available IT resources and prevent other more strategic IT projects from getting the time and attention they deserve. With the ever-increasing number of applications and data stores enterprises introduce into their environment, the problems around user account management are only going to grow and demand more time and IT resources. Organizations seeking a solution to the escalating IT resource requirements for user account lifecycle management are frequently drawn to Identity Management solutions, which promise integrated management of user identities and seamless interaction between individuals and a variety of applications. These solutions however, extend beyond the organization to include external partners, suppliers, and customers and can be expensive and time consuming to implement. Many organizations cannot justify the upfront cost and long implementation cycles required to develop and deploy an identity management solution. Active Directory account provisioning is a viable solution for these organizations. Active Directory Account Provisioning 13
Active Directory account provisioning leverages an organization’s investment in Active Directory. This approach takes advantage of the fact that the majority of account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to value. Active Directory becomes the centralized data repository for managing user account information and access rights to IT resources and assets. Active Directory account provisioning allows organizations to reap a large percentage of the cost savings and increased security promised by full-blown identity management solutions, but at a fraction of the time and expense. NetIQ offers powerful Active Directory account provisioning solutions that feature secure delegation, policy enforcement, auditing, and extensive automation capabilities. NetIQ provides off-the-shelf products that meet immediate user account management needs. These products can also be combined together to create user account lifecycle management solutions. The NetIQ enabled Active Directory account provisioning is incredibly flexible, allowing organizations to quickly build a solution that meets both their requirements and their budget, while allowing them to easily add functionality in the future. NetIQ Active Directory account provisioning maximizes an organization’s investment in Active Directory and reduces the cost and expense of user account management. 1 META Group White paper, August 2002 “The Value of Identity Management” 2 Computerworld, July 09,2001 “Want to Save Some Money? Automate Password Resets”, Pimm Fox 3 META Group White paper, August 2002, “The Value of Identity Management” 4 Exploring Secure Identity Management in Global Enterprises, Stanford University and Hong Kong University of Science and Technology, March 2003 55 Exploring Secure Identity Management in Global Enterprises, March 2003, Stanford University and Hong Kong University of Science and Technology 6 IDC Viewpoint, March 2003, “Identity Management, Integrating People Process and Machines”, David Senf. 7 META Group White paper, August 2002 “The Value of Identity Management” 8 Exploring Secure Identity Management in Global Enterprises, March 2003, Stanford University and Hong Kong University of Science and Technology, 9 META Group White paper, August 2002 “The Value of Identity Management” 10 META Group White paper, August 2002 “The Value of Identity Management” 11 IDC, March 7, 2003, “Identity Management: Securing Your e-Business Future”, David Senf 12 Gartner and Price Watherhouse Coopers, 2001, “Identity Management – The business context of security” 13 Asia Computer Weekly, March 2003, “Identity Management market at a Crossroads”, Queenie Ng 14 Computerworld, July 14, 2003, “ Know Thy Users : Identity Management Done Right”, Deborah Radcliff Active Directory Account Provisioning 14

Recommandé

Sql Server 2008 Product Overview
Sql Server 2008 Product OverviewSql Server 2008 Product Overview
Sql Server 2008 Product OverviewIsmail Muhammad
 
Streamlining the Business Process
Streamlining the Business ProcessStreamlining the Business Process
Streamlining the Business Processjingrato
 
Sql server mission_critical_performance_tdm_white_paper
Sql server mission_critical_performance_tdm_white_paperSql server mission_critical_performance_tdm_white_paper
Sql server mission_critical_performance_tdm_white_paperSatishbabu Gunukula
 
Microsoft SQL Server 2014 mission critical performance tdm white paper
Microsoft SQL Server 2014 mission critical performance tdm white paperMicrosoft SQL Server 2014 mission critical performance tdm white paper
Microsoft SQL Server 2014 mission critical performance tdm white paperDavid J Rosenthal
 
VDD Tools
VDD ToolsVDD Tools
VDD ToolsGary Brogan
 
DocUnity Booklet
DocUnity BookletDocUnity Booklet
DocUnity BookletdocUnity Document Management
 
The Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperThe Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperNetIQ
 
Case Studies in Improving Application Performance With Solix Database Archivi...
Case Studies in Improving Application Performance With Solix Database Archivi...Case Studies in Improving Application Performance With Solix Database Archivi...
Case Studies in Improving Application Performance With Solix Database Archivi...LindaWatson19
 

Recommandé

Sql Server 2008 Product Overview
Sql Server 2008 Product OverviewSql Server 2008 Product Overview
Sql Server 2008 Product OverviewIsmail Muhammad
 
Streamlining the Business Process
Streamlining the Business ProcessStreamlining the Business Process
Streamlining the Business Processjingrato
 
Sql server mission_critical_performance_tdm_white_paper
Sql server mission_critical_performance_tdm_white_paperSql server mission_critical_performance_tdm_white_paper
Sql server mission_critical_performance_tdm_white_paperSatishbabu Gunukula
 
Microsoft SQL Server 2014 mission critical performance tdm white paper
Microsoft SQL Server 2014 mission critical performance tdm white paperMicrosoft SQL Server 2014 mission critical performance tdm white paper
Microsoft SQL Server 2014 mission critical performance tdm white paperDavid J Rosenthal
 
VDD Tools
VDD ToolsVDD Tools
VDD ToolsGary Brogan
 
DocUnity Booklet
DocUnity BookletDocUnity Booklet
DocUnity BookletdocUnity Document Management
 
The Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperThe Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperNetIQ
 
Case Studies in Improving Application Performance With Solix Database Archivi...
Case Studies in Improving Application Performance With Solix Database Archivi...Case Studies in Improving Application Performance With Solix Database Archivi...
Case Studies in Improving Application Performance With Solix Database Archivi...LindaWatson19
 
What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...Erin Torres
 
Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)Olivia Jones
 
What every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watsonWhat every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watsonWorkiva
 
Managing Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients EssayManaging Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients EssayJessica Howard
 
10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdf10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdfXoxoday Compass
 
Information Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its UsefulnessInformation Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its UsefulnessDiane Allen
 
9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle ManagementIron Mountain
 
Eight styles of data integration
Eight styles of data integrationEight styles of data integration
Eight styles of data integrationSteve Sobotincic
 
Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies Connexica
 
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...anamikaghosh21
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyDoug Antaya
 
The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...IOSRJBM
 
The Architecture for Rapid Decisions
The Architecture for Rapid DecisionsThe Architecture for Rapid Decisions
The Architecture for Rapid DecisionsKishore Jethanandani, MBA, MA, MPhil,
 
Augmented Data Management
Augmented Data ManagementAugmented Data Management
Augmented Data ManagementFORMCEPT
 
11.online library management system
11.online library management system11.online library management system
11.online library management systemPvrtechnologies Nellore
 
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Software India
 
Rewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital EconomyRewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital EconomyCognizant
 
RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 

Contenu connexe

Similaire à Active directoryaccountprovisioningwp

What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...Erin Torres
 
Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)Olivia Jones
 
What every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watsonWhat every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watsonWorkiva
 
Managing Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients EssayManaging Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients EssayJessica Howard
 
10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdf10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdfXoxoday Compass
 
Information Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its UsefulnessInformation Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its UsefulnessDiane Allen
 
9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle ManagementIron Mountain
 
Eight styles of data integration
Eight styles of data integrationEight styles of data integration
Eight styles of data integrationSteve Sobotincic
 
Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies Connexica
 
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...anamikaghosh21
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyDoug Antaya
 
The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...IOSRJBM
 
Augmented Data Management
Augmented Data ManagementAugmented Data Management
Augmented Data ManagementFORMCEPT
 
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Software India
 
Rewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital EconomyRewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital EconomyCognizant
 

Similaire à Active directoryaccountprovisioningwp (17)

What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...What Is The Development And Adoption Of The Accounting...
What Is The Development And Adoption Of The Accounting...
 
Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)Strategic Advantage and the Microsoft Application Platform (1)
Strategic Advantage and the Microsoft Application Platform (1)
 
What every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watsonWhat every managemenet accountants should know about the cloud by l iv watson
What every managemenet accountants should know about the cloud by l iv watson
 
Managing Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients EssayManaging Valuable Ip Assets Owned By Their Clients Essay
Managing Valuable Ip Assets Owned By Their Clients Essay
 
10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdf10 Best Data Integration Software Platforms.pdf
10 Best Data Integration Software Platforms.pdf
 
Information Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its UsefulnessInformation Retrieval And Evaluating Its Usefulness
Information Retrieval And Evaluating Its Usefulness
 
9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management
 
Eight styles of data integration
Eight styles of data integrationEight styles of data integration
Eight styles of data integration
 
Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies Comparison of CXAIR to Traditional BI Technologies
Comparison of CXAIR to Traditional BI Technologies
 
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
Chapter 4 computer enabled project topic.pptx To familiarise Computer applica...
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
 
The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...The Application of Information Technology in the Preparation and Presentation...
The Application of Information Technology in the Preparation and Presentation...
 
The Architecture for Rapid Decisions
The Architecture for Rapid DecisionsThe Architecture for Rapid Decisions
The Architecture for Rapid Decisions
 
Augmented Data Management
Augmented Data ManagementAugmented Data Management
Augmented Data Management
 
11.online library management system
11.online library management system11.online library management system
11.online library management system
 
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
 
Rewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital EconomyRewriting the Rulebook: New Ways of Working in the Digital Economy
Rewriting the Rulebook: New Ways of Working in the Digital Economy
 

Plus de wardell henley

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfwardell henley
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfwardell henley
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfwardell henley
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfwardell henley
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdfwardell henley
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmpwardell henley
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paperwardell henley
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmenwardell henley
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securitywardell henley
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguidewardell henley
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Managementwardell henley
 

Plus de wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
It security cert_508
It security cert_508It security cert_508
It security cert_508
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 

Dernier

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Dernier (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Active directoryaccountprovisioningwp

  • 1. Active Directory Account Provisioning A lower cost and faster alternative to Identity Management Contents June 1, 2004 Introduction: ..........................3 With 29% of total annual IT time spent updating user account User Account Creation Today3 information , organizations are struggling to find an economical Account Changes 4 solution to reduce the expense and resources required to manage the user account lifecycle.1 Active Directory account Account Expirations 5 provisioning takes advantage of the fact that the majority of Multiple Data Stores 5 account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to Identity Management.............6 value. Dream BigStart Small 8 This white paper explains how organizations can use the NetIQ Active Directory account provisioning solution to extend Active Leveraging Your Active Directory and address the majority of their user account lifecycle Directory Investment .............9 needs. It explains how an organization can combine the NetIQ off-the-shelf products to address key account management The NetIQ Solution ..............10 issues, while laying the ground work for a complete user account lifecycle management solution. This flexible approach allows Customer examples..............12 organizations to implement Active Directory account Conclusion ............................13 provisioning in steps, as they have budget, and provides immediate ROI on account management projects. Besides reviewing the information in this paper, NetIQ encourages you to visit our web site at www.netiq.com for more details.
  • 2. THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. © 1995-2004 NetIQ Corporation, all rights reserved. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. Check Point, FireWall-1, and Provider-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd. ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveKnowledge, ActiveReporting, ADcheck, AppAnalyzer, Application Scanner, AppManager, AuditTrack, AutoSync, Chariot, ClusterTrends, CommerceTrends, Configuration Assessor, ConfigurationManager, the cube logo design, DBTrends, DiagnosticManager, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, End2End, Exchange Administrator, Exchange Migrator, Extended Management Pack, FastTrends, File Security Administrator, Firewall Appliance Analyzer, Firewall Reporting Center, Firewall Suite, Ganymede, the Ganymede logo, Ganymede Software, Group Policy Administrator, Intergreat, Knowledge Scripts, Migrate.Monitor.Manage, Mission Critical Software, Mission Critical Software for E- Business, the Mission Critical Software logo, MP3check, NetIQ, the NetIQ logo, the NetIQ Partner Network design, NetWare Migrator, OnePoint, the OnePoint logo, Operations Manager, PentaSafe, PSAudit, PSDetect, PSPasswordManager, PSSecure, Qcheck, RecoveryManager, Security Analyzer, Security Manager, Server Consolidator, SQLcheck, VigilEnt, Visitor Mean Business, Vivinet, W logo, WebTrends, WebTrends Analysis Suite, WebTrends for Content Management Systems, WebTrends Intelligence Suite, WebTrends Live, WebTrends Log Analyzer, WebTrends Network, WebTrends OLAP Manager, WebTrends Report Designer, WebTrends Reporting Center, WebTrends Warehouse, Work Smarter, WWWorld, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies. Active Directory Account Provisioning 2
  • 3. Introduction: Remember thirty years ago, when Human Resources was called Personnel and the human resource data store was a dark file room filled with gray metal file cabinets? In those days, if an organization was computerized, it had a single information system running a small number of applications. When new people joined the organization, Personnel created a new file folder and added it to the appropriate file cabinet. If the new employee needed regular access to the information system, the information systems manager would create an account and logon for the specified application. If the new employee only needed occasional access, he might share a “guest” account with the rest of the organization. Back then, the process to create user accounts and logons was usually a manual one, with paper forms and approvals. Since the systems administrators were the ones creating accounts, as well as doing all the other administrative tasks, it might take a week or so for the new account to be created. It was also relatively simple to keep track of who had access to which applications, since the number of applications was limited and few people had access to them. User Account Creation Today These days, most employees will have access to several systems and applications, each with its own account and logon information. To put the problem in perspective, according to Computerworld, in 1995 IT departments supported an average of 25 applications per user and by 2001 that number had grown to 100 – 200.2 META research shows that organizations with revenues over $500 million typically have more than 75 applications, databases, and systems that require authentication.3 The amount of work to create all the necessary accounts on these different systems has grown exponentially. Even with today’s more advanced processes and systems, new employees still have to wait to get access to the systems they need. In a recent study by Stanford and Hong Kong universities of 200 Global 2000 companies, 48% of companies reported taking more than two days to provide a new hire with access to all the systems they need, and 10% reported taking more than two weeks.4 With many employees’ jobs directly related to interfacing with computer systems, delays in setting up new user accounts costs organizations directly in lost productivity and employee downtime. Even though new account creation can involve critical areas like enterprise security and touches many different systems and applications, new user account requests are frequently done in an informal manner. They are submitted manually on outdated forms, sent on paper through interoffice mail, phoned into the help desk, mentioned off- handedly in passing, or emailed to various locations for approvals and authorizations, all before even entering the IT work queue. This ad hoc approvals and notification process frequently slows down the new account creation and causes many of the delays reported in research. This type of distributed process can create security issues since there is no central authority overseeing which systems new accounts are being granted access to. With multiple people setting up new accounts, policies and naming conventions are also difficult to enforce. Active Directory Account Provisioning 3
  • 4. Account Changes As if new account creations were not enough to worry about, employee data is always changing. Employees change cell phone numbers, addresses, last names, titles, extensions, and office numbers. They can also change departments, organizational levels, business units, and locations. All of these changes need to be reflected in the user account information, but some of these changes also impact access to systems and applications. For example, an employee moving from New York to Boston will need accounts on the Boston mail server, but may no longer need access to the New York file server. In the case of promotions, employees who may have only had read access to certain data may now need the ability to make modifications, or may now need access to additional data. Figuring out the system ramifications of each of the changes is time consuming and difficult. Frequently IT organizations identify and enable access to the key systems involved in a change, like email, but wait for the affected employee to make access requests for the other systems. Unfortunately, this reactive approach increases downtime and can negatively affect employee productivity. Keeping track of these changes so that all users have the access they need, and only the access they need, is an-going challenge for many IT organizations. Figure 1. Efficiently managing the user account lifecycle can reduce help desk calls and account administration costs, while improving user productivity and security. Active Directory Account Provisioning 4
  • 5. Account Expirations As forward thinking IT managers frequently point out, at some point every employee leaves the organization. When employees leave, all of their access points need to be identified and disabled to prevent possible security problems. Every second an account is not deactivated, creates a window hackers and disgruntled ex-employees can use to gain unauthorized access to your systems. Even though most IT managers recognize this threat, according to the Stanford Hong Kong study 43% of companies surveyed take more than two days to disable user access and 15% take more than two weeks.5 Two weeks is an enormous amount of time to leave your system vulnerable. Even more concerning is the fact many organizations do not disable all the accounts associated with a user. In fact, according to IDC expired user accounts make up approximately 60% of all accounts in corporate systems6. The difficulty of keeping track of what each employee has access to, is likely the culprit of these expired user accounts. But regardless of the reason, expired user accounts present a serious security concern. From an economic standpoint, expired user accounts are also expensive. Many software applications charge license fees based on the number of user accounts in an environment, but are unable to distinguish between active and inactive accounts. In addition, inactive accounts are expensive to manage as they increase the time required to perform any account management activity. The clear drivers that are pushing organizations to address the user account management problem are identifying and disabling expired user accounts and removing the associated security vulnerabilities and administrative expenses. Multiple Data Stores Adding yet another layer of complexity on the issue of user account management is the fact that organizations have multiple data stores. META Group research shows that organizations with revenues greater than $500 million typically have around 68 internal and 12 external data stores. META also shows that 75% of internal users are contained in multiple data stores.7 This means that when you need to make a change an employee’s information or access rights, you have to make that change in multiple places. Coordinating and managing changes across multiple data stores is expensive. Every time an employee changes departments or a new employee is added, an IT resource has to manually enter redundant data in approximately four different applications or systems—8 assuming the IT resource has access to all the different data stores. Frequently these data repositories are independently owned, managed by different departments or business units and updates have to be coordinated manually or over e-mail. Active Directory Account Provisioning 5
  • 6. It is easy to see how the time and expense can accumulate even when making the simplest changes. In addition, making changes in different places also increases the likelihood of inaccuracies and inconsistencies across the data. With employees having account data in multiple locations, it becomes very likely that a change is made in one data repository and not in another, which leads to problems of data accuracy and consistency. According to META, 11% of employees will experience a user access rights issue and 7% an incorrect personal information issue each month9. Unfortunately it is frequently the over burdened IT organization that has to identify and correct all these issues. The daily flow of user account changes is overwhelming many IT organizations. Industry estimates put 29% of total IT time spent modifying user account information annually10. In an effort to cope with the increasing administrative demands of managing user account changes, many IT organizations have pushed account maintenance off to lower level administrators and help desk personnel. No matter who does the actual account creation, the process itself is time-consuming and repetitive. Data has to be gathered from multiple sources, entered multiple times in varying formats into different access directories, and a rote set of tasks has to be performed. Multiple data stores increase the difficulty of figuring out who has access to which resource. There is no obvious way to associate one person with all of their access accounts in a multiple data store environment. Organizations may not be aware of many potential security concerns, like a sales rep who used to be in accounting and still has access to the billing system. With privacy regulations introduced with HIPPA, it has become essential for many organizations to know exactly who has access to which data, at all time. Multiple data stores also increase the probability that when an employee leaves the organization that some of the access points associated with that employee will not be identified and disabled. As mentioned earlier, these orphan accounts present a real security threat. Identity Management Identity management solutions are frequently proposed as a solution to the escalating demands of account provisioning. The attraction of these solutions is they offer integrated management of user identities, which facilitates seamless interaction between individuals and the machines essential to eBusiness11. These solutions, however, manage more than the lifecycle of user accounts. Identity management solutions verify the credentials and manage the access rights of employees, business partners, suppliers, contractors, and customers. They can extend across all electronic resources in an organization and can identify who is accessing what, where they are located, what group they belong to, what applications and operations systems they can use, and once in them, what they are allowed to see and do. Active Directory Account Provisioning 6
  • 7. Identity management solutions, though extremely powerful, are also expensive and difficult to implement. These solutions involve multiple systems, on disparate platforms, with complex authentication and security protocols. Since they link identity attributes, policies, and preferences not only behind a corporate firewall but also over the Web, they require the input and consensus from many different groups, both inside and outside of the organization, to be successful. Organizations launching an identity management solution have to address issues like integrating disparate business processes, regulatory restrictions on personal data, and agreeing upon unsettled standards. Gartner notes that identity management is a multiyear project, and that not all projects will achieve ROI in less than a year. They contend that understanding the current workflows and the data architecture needed for identity management increases the complexity of these projects and can make them seem overwhelming to many organizations12. Figure 2. Identity management solutions manage identities and access to systems and extend beyond the organizational firewall. For organizations with extended e-business relationships with partners, suppliers, contractors, and customers, where verifying the person is exactly who they say they are, and granting access to specific systems based on the verified identities, identity management solutions are critical and can offer incredible economic benefits. Gartner estimates that a company with 10,000 employees can save $3.5 million over three years, and see 295% return on their investment.13 Smaller organizations, and organizations that do not extensively share electronic systems with partners, suppliers, or customers, though, often find it difficult to justify the time and upfront expense associated with identity management solutions. These organizations are still required to support an increasing number of applications and experience much of the same pain of user account management. They are looking for a less expensive, less complex, easier to implement, and quicker time to value solution that addresses their immediate needs and allows them, once they have those under control, to expand to the other systems in the enterprise. Active Directory Account Provisioning 7
  • 8. Dream Big, Start Small Rather than trying to do everything all at once, many organizations are working on smaller projects that they can eventually unite into a larger identity management solution. This approach reduces the upfront costs and allows organizations to add features and capabilities as they have budget, while reaping immediate benefits from the parts they implement. Figure 3. The more systems involved in a solution the more complex the project becomes and the longer the time to value. The preponderance of Active Directory accounts provides a high value area where substantial returns can be realized in a fraction of the time and expense of a complete identity management solution. For organizations interested in pursuing this type of strategy there are a few tried and true approaches to ensure success14. • Prioritize: Identify the functions and capabilities that will have the most immediate impact on your business and, if possible, start with those. By hitting high value items first, you are ensuring a faster return on your investment. • Work in phases: Even with the priorities, divide them into smaller projects. Smaller, finite phases are easier to plan and implement, and less likely to suffer from project scope “creep”. You can use the ROI from the completed phases to justify the subsequent phases. • Develop a long-term vision: Once you have identified priorities, organize them into an overall vision. The long-term vision will provide a context for understanding how the smaller projects interrelate and provide a framework for making project decisions. • Use standards based infrastructures: If you conform to industry standards then it is easier to build on your solutions in the future, and you are less likely to run into incompatibilities and obsolescence issues. Also, standards make it easier for business partners outside your environment to work with what you develop. Active Directory Account Provisioning 8
  • 9. Leveraging Your Active Directory Investment User account lifecycle management is easy to break into smaller projects that can be prioritized and deployed in phases. With the right long-term plan, an organization can divide their user account lifecycle management project into small quantifiable objectives, such as reducing the time required to create new accounts or reducing the time required to identify and disable inactive accounts. Though small, such objectives can deliver an immediate ROI. The first step to solving user account management is consolidating user account information into a central data repository that you can manage with a consistent set of access methods and policies. The good news is that with the predominance of the Windows networking infrastructure, most organizations already have a central data store implemented in their environment—Active Directory. Active Directory is a directory service based upon the Lightweight Directory Access Protocol (LDAP), which stores user information and access rights. Using widely understood standards, Active Directory supports Windows security and authentication protocols, which makes it easy to build interoperable solutions on Active Directory is an ideal user account information repository with over 300 attributes that combine uniquely to build a user account. Active Directory also supports schema extensions, which add an incredible amount of power and flexibility to the type of solutions you can define. Since Active Directory is already installed, and uniquely equipped to handle user account and access data, it is an ideal cornerstone for a quick time to value user account lifecycle management solution. From an IT manager’s perspective, it is also completely within the control of the IT department, which eliminates much of the complexity associated with cross-functional Identity Management projects. Active Directory Account Provisioning Solutions Active Directory account provisioning is basic identity management for Active Directory user accounts. Active Directory account provisioning takes advantage of the fact that the majority of account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to value. Active Directory account provisioning uses the reach of Active Directory to introduce a structured environment for user account administration, and to coordinate account management and related security policies across the enterprise. As a result, Active Directory becomes the centralized data repository for managing user account information and access rights to IT resources and assets. Active Directory Account Provisioning 9
  • 10. To create an Active Directory account provisioning solution, organizations are faced with the decision of whether to build or buy. If they build it, cobbling together the tools provided with Active Directory and linking them to different process with scripts or code, they can get exactly what they need. This approach, though, is rather risky since scripts and custom code are difficult to maintain Active Directory Account and suffer from compatibility and Provisioning Enables interoperability issues. In addition, custom Organizations to : projects like this can be costly and difficult to manage Implement self-service solutions for password resets, Exchange Another option is to purchase off-the-shelf distribution lists, and white pages tools. The difficulty with this approach is information finding exactly what is needed, especially Implement HR driven user account since every organization manages account udpates creation, modifications, and deletions Incorporate workflows and approvals differently. Given the scope of user account into account updates management, it is unlikely there is one Coordinate Exchange mailboxes solution that will do everything required. administration with user account Trying to build a unified solution using administration unrelated tools is also a challenge. Even Automate home share and disk tools based on industry standards frequently quotas with account creations run into incompatibility issues that can threaten the success of the entire project. The NetIQ Active Directory Account Provisioning Solution NetIQ, a leader in security management, offers an Active Directory account provisioning solution that allows organizations to meet their immediate Active Directory account management needs with point of pain solutions, while at the same time lay the groundwork for future user account lifecycle management solutions. NetIQ provides off- the-shelf products to address key account management issues that can also be easily combined together to build more complete account lifecycle management solutions. The NetIQ approach allows organizations to implement Active Directory account provisioning in steps, as they have budget. Active Directory Account Provisioning 10
  • 11. Out-of-the box, NetIQ’s products automate and streamline many user account administration tasks, such as creating a home share at the same time a new user account is created. They further reduce IT administrative workload by providing a secure method to distribute user account administration tasks across the organization. These products also support a wide spectrum of open, extensible standards including Active Directory Service Interfaces (ADSI) and Windows Terminal Server (WTS). One of the features that sets NetIQ products apart from other user account management solutions is the seamless integration of policy enforcement with directory updates. NetIQ products make it easy to define and enforce policies and conventions that ensure the integrity, consistency, and completeness of Active Directory data. These products also provide comprehensive auditing and reporting. They log all administrative actions and create an easy-to-follow audit trail. From these logs, customers can track administrative actions over time to establish correlations, create performance metrics, and enable ROI analysis. Figure 4. NetIQ Active Directory account provisioning allows organizations to automate multi-step business workflows while enforcing security policies. NetIQ products include easy-to-use automation capabilities that simplify complex multi- step business workflows. Leveraging NetIQ automation, organizations can update Active Directory automatically using HR data to grant access rights to new employees and move home directories automatically when an employee’s site location changes. Automating work flows reduces mistakes and ensures that all steps are completed. It also reduces the time and resources required to make user account changes. NetIQ products can also be used to extend beyond Active Directory to other applications and databases to further streamline account management tasks. NetIQ’s Active Directory account provisioning allows organizations to tailor a solution to meet specific business needs. The product installs quickly. Within hours, organizations can implement account management solutions that can have an immediate effect on their bottom line, such as self-service password reset. Organizations can integrate their HR data with Active Directory so that as they add a user account in the HR system, the Active Directory account, home share, disk quota, Exchange mailbox, and group memberships are all created automatically. In addition to the products being quick to install and featuring a quick time to value, organizations only pay for what they need when they are ready to use it. Active Directory Account Provisioning 11
  • 12. Customer examples of NetIQ Active Directory Account Provisioning Solutions NetIQ customers have implemented a wide range of Active Directory account provisioning solutions. From simple self-service password resets to full HR integration, customers have used NetIQ products to solve their user account administration problems. Customers have implemented a combination of the following strategies: • Delegate – empower help desk personnel and non-system administrators to do the manual account management tasks in a secure and controlled environment. Delegation moves the function closer to the end user, improving response time and customer satisfaction, while reducing IT’s involvement in routine administrative tasks. • End user self-service – allow end users to directly interact with selected elements of their account data. Implementing self-service makes end users responsible for keeping specific data current, such as phone numbers and addresses. • Automation – have systems perform as many account management tasks as possible. Automation not only increases productivity but it also ensures consistent application of policies. Below are some user account lifecycle issues organizations identified and resolved using NetIQ solutions. IT resources overwhelmed IT resources at a financial institution were overwhelmed with simple account management tasks and were not able to focus on more strategic IT projects. The NetIQ solution implemented secure delegation, which allowed this organization to safely distribute account administration to departmental administrators and help desk personnel, freeing up 80% of IT resources for higher value IT projects. Account updates taking too long The turn around time for account updates and account additions at a large insurance institution was over a week and was costing the organization in lost productivity. The NetIQ solution combined self-service and automation to create an automated web form for account updates and account additions that allowed employees and their managers with appropriate access, to directly update Active Directory information. The updates were instantaneous, which eliminated downtime. They were also subject to organization naming conventions and policies, which protected the consistency of the Active Directory information, and were able to be safely performed by non-IT resources, which freed up IT resources for other projects. Active Directory Account Provisioning 12
  • 13. Security concerns An oil company with offices distributed around the world was concerned about security issues caused by orphaned user accounts and needed to meet stricter auditing requirements. The NetIQ solution automated network auditing and enabled the organization to quickly identify hundreds of orphaned accounts across their entire network and disable them. The detailed logging and reporting allowed the company to meet their audit requirements. Account updates too expensive A pharmaceutical company needed to reduce the cost of maintaining user account information and improve the turn around time for changes. The NetIQ solution reduced the account maintenance turnaround time and expense by automating Active Directory account updates from the HR database. Every night, the process collected all the new employees in the HR database and created Active Directory accounts with home directories, Exchange mailboxes, and even basic group memberships, allowing new employees to be immediately productive. It also collected selected employee updates, such as department and telephone, and made those changes to the Active Directory accounts. For employees marked terminated in the HR database, the solution disabled all access accounts, preventing possible security threats. Conclusion User account lifecycle management is an expensive and time-consuming undertaking. It can absorb all available IT resources and prevent other more strategic IT projects from getting the time and attention they deserve. With the ever-increasing number of applications and data stores enterprises introduce into their environment, the problems around user account management are only going to grow and demand more time and IT resources. Organizations seeking a solution to the escalating IT resource requirements for user account lifecycle management are frequently drawn to Identity Management solutions, which promise integrated management of user identities and seamless interaction between individuals and a variety of applications. These solutions however, extend beyond the organization to include external partners, suppliers, and customers and can be expensive and time consuming to implement. Many organizations cannot justify the upfront cost and long implementation cycles required to develop and deploy an identity management solution. Active Directory account provisioning is a viable solution for these organizations. Active Directory Account Provisioning 13
  • 14. Active Directory account provisioning leverages an organization’s investment in Active Directory. This approach takes advantage of the fact that the majority of account management activities occur in Active Directory, and focuses on streamlining these activities to get quickest time to value. Active Directory becomes the centralized data repository for managing user account information and access rights to IT resources and assets. Active Directory account provisioning allows organizations to reap a large percentage of the cost savings and increased security promised by full-blown identity management solutions, but at a fraction of the time and expense. NetIQ offers powerful Active Directory account provisioning solutions that feature secure delegation, policy enforcement, auditing, and extensive automation capabilities. NetIQ provides off-the-shelf products that meet immediate user account management needs. These products can also be combined together to create user account lifecycle management solutions. The NetIQ enabled Active Directory account provisioning is incredibly flexible, allowing organizations to quickly build a solution that meets both their requirements and their budget, while allowing them to easily add functionality in the future. NetIQ Active Directory account provisioning maximizes an organization’s investment in Active Directory and reduces the cost and expense of user account management. 1 META Group White paper, August 2002 “The Value of Identity Management” 2 Computerworld, July 09,2001 “Want to Save Some Money? Automate Password Resets”, Pimm Fox 3 META Group White paper, August 2002, “The Value of Identity Management” 4 Exploring Secure Identity Management in Global Enterprises, Stanford University and Hong Kong University of Science and Technology, March 2003 55 Exploring Secure Identity Management in Global Enterprises, March 2003, Stanford University and Hong Kong University of Science and Technology 6 IDC Viewpoint, March 2003, “Identity Management, Integrating People Process and Machines”, David Senf. 7 META Group White paper, August 2002 “The Value of Identity Management” 8 Exploring Secure Identity Management in Global Enterprises, March 2003, Stanford University and Hong Kong University of Science and Technology, 9 META Group White paper, August 2002 “The Value of Identity Management” 10 META Group White paper, August 2002 “The Value of Identity Management” 11 IDC, March 7, 2003, “Identity Management: Securing Your e-Business Future”, David Senf 12 Gartner and Price Watherhouse Coopers, 2001, “Identity Management – The business context of security” 13 Asia Computer Weekly, March 2003, “Identity Management market at a Crossroads”, Queenie Ng 14 Computerworld, July 14, 2003, “ Know Thy Users : Identity Management Done Right”, Deborah Radcliff Active Directory Account Provisioning 14