map

Using Active Directory groups for cloud identity management

I recently watched a great video on cloud federation by Coreblox and Ping Identity.  You know the problem they’re trying to solve, your users are using applications in the cloud and your access and authorization solutions are stuck on premise.  Ping Identity solves that beautifully. Here’s the gist: an Active Directory user is added to…

map

Best Windows product: Imanami GroupID

They say a picture is worth a thousand words.  So behold this novella: Imanami’s GroupID won the Best Windows Product award at the recent Windows Connections conference in Las Vegas.  Our HQ lobby is filled with awards and plaques and other achievements but I find this one a little more satisfying than most. Why?  Because…

map

The best way to expire an Active Directory group

In the world of Active Directory, groups are binary: they exist or they don’t.  Other Active Directory objects can be tombstoned, but with groups, they become useless once tombstoned since all of the ACLs and memberships are lost.  And Active Directory doesn’t give you the ability to expire and renew them while keeping all of…

map

Accurate Active Directory group membership with high employee turnover

The average organization has just under 20% annual internal turnover.  This means that 1 in 5 employees will change jobs per year.  At the same time, external turnover is approximately 5%, meaning 1 in 20 employees will leave the organization.  That, my friend, is a lot of change. But it is nothing compared to the…

map

Sweet 16! Imanami selected as SINET 16 Innovator

Imanami has been chosen as a SINET 16 Innovator and asked to present at the annual SINET Showcase. Each year, a select group of technology companies that can improve efficiency and security at government agencies are asked to present and demonstrate their solutions. Imanami’s GroupID will help solve identity management security problems from group-based access control…

map

Delete or disable an Active Directory account? One best practice.

I was recently talking to a customer about the best practice for deprovisioning a terminated employee in Active Directory.  Delete or disable?  Microsoft doesn’t give the clearest direction on this but common sense does. The case for deleting an account is that, BOOM, no more access.  No ifs ands or buts, if there is no…

map

Defining Active Directory management tools

I see the term Active Directory management tools used everywhere from provisioning to SSO to reporting to auditing.  I see it used for managing users, groups, GPOs, and everything in between.  It seems to be a broad term meaning software that fills in the holes that Microsoft left in Active Directory. It also seems that “tools”…

automated provisioning and security

Automated User Provisioning & Deprovisioning in Active Directory 

In any organization, there are numerous users’ objects including employees, managers, and clients, in active directory and azure active directory, with certain attributes assigned to them within HR database. All these users need to have appropriate active directory permissions within organization’s identity and access management framework, to allowing employees access resources on the network, so they can do their jobs effectively. They cannot be held back by needing to request access each time…

map

How to keep SharePoint from becoming shelfware

I don’t mean to imply that a lot of SharePoint deployments become shelfware.  Nor do I intend that this post will be an exhaustive list of the reasons SharePoint is or isn’t used. But, based on my experience, I know why a lot of SharePoint deployments go stale.  Groups.  Groups are a good and bad thing. …

map

Accurate Active Directory groups keep kids out of jail

I know that the premise that accurate Active Directory groups keep kids out of jail is so obvious that it might not need to be said.  But we wanted to explore the concept of what accurate Active Directory groups do for your organization more fully.  More scientifically. Ruminating in a think-tank fashion, we came up…