Challenge
We have multiple locations, each with their own workflow and network administrators who all have access to AD to make necessary changes. The challenges that we face are two fold. One, this causes us to have far to many privileged accounts in our environment. Two, our ability to allow limited privileges to portions of AD is hindered by ADs lackluster inbuilt security mechanisms. An example of this is the difficulty in giving our help desk the ability to create new accounts, de-provision accounts, reset passwords, and unlock accounts without giving them greater access to AD as a whole. Another challenge we face is giving the user an easy way to reset their password if they have forgotten it without the intervention of the IT department. We also face challenges with the upwards of a 1/2 hour wait for passwords to sync to Office 365. Finally, we have no easy way to manage Office 365 email specific attributes without installing a local Exchange server, even though our schema has been expanded to include those attributes.
Solution
Adaxes has solved all of the above challenges. We now have the ability to assign granular permissions to all of our site worklow managers and network administrators using Adaxes instead of giving the domain admin privileges. We have also created custom rules so that not only can we allow our help desk to create and deprovision users, we have ensured that the exact process happens every time. No steps get missed because it is all orchestrated by Adaxes. Not to mention, giving the ability to reset and unlock accounts to the help desk is simple and we can do it securely without giving them access to edit properties they don't need to. We also appreciate that when a password is reset through Adaxes, Office 365 is updated immediately. Finally, Adaxes has access to all the exchange attributes we need to be able to modify so they can be synced to Office 365, and makes it easy to update them through the web portal.
Benefits
Our senior IT staff that have the ability to create users, deprovision users, change passwords, etc., will see an almost 100% reduction in these types of tickets as the help desk will now have the ability perform these regular tasks. Our user creation process and user deprovisioning now take 5% of the time it used to, and because it is handled by Adaxes through the use of scripting and business rules, no steps are missed and the process is standardized. Our systems and network security has been substantially increases as we have the ability to reduce the amount of privileged accounts as well. Finally, end user satisfaction has increased as simple tasks like unlocking their account and resetting their password through the self-service portal do not require IT staff intervention. It is therefore much quicker for them to get back up and running. Finally, with these types of tickets (unlocks and resets) not being created, the help desk has more time to work on tickets that are legitimately impacting someones productivity.
Wayne Griffith
Sr. Systems Engineer