group access identity

The Role of Roles in Delegating Access

The delegation of directory administration to those outside of IT is a concept whose time has come. But it can’t be done hap-hazardly; IT needs to define what is being delegated and to whom. We’re at a point in the evolution of our industry that two truths have come to fruition: IT no longer has…

azure groupID

Azure AD Gets on the Group Expiration Bandwagon

Azure AD Gets on the Group Expiration Bandwagon I recently wrote about the need for group expiration as part of a comprehensive lifecycle approach to group management. It’s a necessary step, given the life of group objects in any of the directories you manage won’t last forever. The only exceptions, generally, lie around built-in administrative-type…

office 365

Managing Microsoft 365 (and Office 365) Groups in the Enterprise

The shift to the cloud has many organizations focused on the productivity features available in a given cloud suite. And M365 is no exception. There’s a long list of applications in M365 – a list that’s continually growing. But, Using M365 isn’t just about productivity; it’s also about security and control for IT.  And, like…

Google Workspace management

Managing Google Workspace Groups in the Enterprise

At the core of every environment that is designed to make people productive is the need “under the hood” to be able to establish what users of that environment can do, what they can access, and – in many cases, how they can easily communicate with other users. The long-standing methodology (with a few exceptions…

Microsoft azure

Directories, How Many Are You Really Managing?

Directories, How Many Are You Really Managing? Directories came from a simpler time – one where a single, on-premise directory was enough. But recent shifts in how businesses leverage technology – such as the digital transformation, and the move to cloud-based applications and infrastructure –  have given way to use of SSO (link), concepts like…

webSSO

The Productivity Gap in Single Sign-On – Accuracy In Directory is Key

In my last article, I introduced the merits of using Single Sign-On within your organization. In it, I discussed the possible security gaps that can multiply as you, in essence, extend your on-prem directory service to include multiple directories. And, while there are security benefits for using SSO – centralized policies and administrative work (which…

Active Directory

2018: Changing the “Directory” Definition

Here at Imanami, we’ve spent the last number of years talking about the need to keep Active Directory secure. While still a valid and pertinent message today, a lot of changes in the industry give us pause to consider Active Directory’s role in the larger picture, and to reflect on how the very same group…

Managing Groups in the Microsoft 365 (and Office 365) Cloud

Projecting your on-premise Active Directory groups into your M365 hosted Exchange You still need Active Directory even though you have outsourced Exchange to Microsoft via M365.  So, how do you manage it?  You want your user attributes to be accurate, group memberships up to date, unused groups expired, and security groups to be, well, secure. …

automated provisioning and security

Automated User Provisioning & Deprovisioning in Active Directory 

In any organization, there are numerous users’ objects including employees, managers, and clients, in active directory and azure active directory, with certain attributes assigned to them within HR database. All these users need to have appropriate active directory permissions within organization’s identity and access management framework, to allowing employees access resources on the network, so they can do their jobs effectively. They cannot be held back by needing to request access each time…