Self-Service Group and Directory Management
Managing Active Directory group membership and user attributes is a tedious job for administrators. Giving a web-based self-service option allows administrators to delegate active directory administration to end users. But you need controls. GroupID enables end users to update their own directory information and manage groups based on controls the administrators set. Group management is enhanced as users can create and manage their own groups, opt-in and opt-out of groups based on the security setting for that group. Group renewals and expirations are administered and controlled within GroupID Self-Service. Save your administrators time and effort by putting control of pertinent data in the hands of the end-users.
“Before Imanami, I had to staff several employees just to make changes. That is no longer the case. The products were easy to install, Imanami was great to work with and the systems virtually run themselves.”
“What more could you ask for?”
City of Atlanta’s CIO
Save Users and IT Time
GroupID Self-Service increases productivity for both IT and the business. To take advantage of Active Directory, the information within it needs to be accurate. Users need to have a quick, easy and secure way to update their pertinent personal information. Some attributes should be editable by the user (mobile phone, home address), some should be editable by the user’s manager (title, location) and some should only be editable by IT (email address). GroupID Self-Service gives all of these options with the additional ability to create workflows to give IT even more control, without more work.
According to a survey by Osterman Research, 81% of organizations manage their groups manually. This means that 4 out of 5 organizations have IT manually adding users to groups every time an employee is hired or changes positions. This takes up, on average, 6 hours per week per 1000 employees and, according to the same survey, 42% of users are still in the wrong distribution lists or security groups.
GroupID Self-Service delegates that burden onto a resource that has a vested interest in managing these groups, the users. A group owner can create a group, manage the membership, and make sure that the group is always accurate. The group owner can also open their group to allow other users to optzin to the group. IT can control the whole process with simple to set workflow.
Complete Group Lifecycle Solution
One of the issues of opening groups up to users is the proliferation of groups, something we call group glut. If there are no controls in place, too many groups are created or worse yet, once useful groups are left “cobwebbed” in the Global Address List. The solution to this is group lifecycle. There are four steps to a group’s useful life:
Give workflow to ensure that group is approved and/or meets naming conventions
During a group’s useful life allow owners to manage groups and users opt-in and opt-out of groups
Define a lifecycle for group renewals and enforce that the owner has to actively renew a group to continue to using it. Group owner(s) are notified before the expiration, giving them time to renew it or let it expire
Once a group has expired and the owner has not renewed it, wait a set period of days to delete it, giving the owner a chance to “get it back”
GroupID Self-Service gives IT a complete group lifecycle solution, allowing users to manage their own groups but giving IT the control to keep it from getting out of hand. This group lifecycle solution allows you to control group glut on both security groups and distribution lists. When you expire a security group, GroupID will back-up the membership and then remove all members, effectively disabling the group until the group owner(s) renew it. When you expire a distribution list, the group is un-mail-enabled so that messages will bounce. In both cases, the group is appended with an exp- prefix and hidden from the ability to opt in or out.
How Does GroupID Self-Service Do It?
GroupID Self-Service is a web-based portal that gives an intuitive front-end to Active Directory. Users and Administrators can update user attributes and create distribution lists and security groups based on permissions and workflow designed by IT. GroupID Self-Service improves on Active Directory in that it allows for multiple owners of groups, workflow on any attribute changes, security settings on view/edit with field-level security, customizable branding, and differing security settings on groups.
The simple to use MMC administrative interface allows IT to create multiple portals, manage workflow and group lifecycle, and easily brand the self-service portal. Giving access and control of user data to the users helps the organization be more nimble and productive; having control of who can do what helps keep the organization more secure. GroupID Self-Service gives you both.