Adaxes provides rule-based automation for on-premises AD, Azure AD, Exchange, and Microsoft 365. You can create workflows with custom if/else conditions that will be automatically executed before or after certain events in your directory. For example, after the department of a user changes, Adaxes can automatically update the user’s group membership and send an email notification to the user’s manager, following the rules you have defined.
Automated user provisioning
Using condition-based rules you can automate the entire user provisioning process. Once a new user account is created in your directory, Adaxes will automatically execute the rest of the onboarding procedures for you: add it to the necessary groups, create and configure an Exchange mailbox, assign Microsoft 365 licenses, create and share a home folder, send a welcome email, etc. Similarly, you can automate all operations associated with user updates. When a user is terminated, Adaxes can automatically execute all the deprovisioning operations to guarantee instant and errorless offboarding.
Adaxes Web interface unites on-premises AD, Azure AD, Exchange, and Microsoft 365 under one roof. You can manage users, groups, their mailboxes and 365 licenses from a standard web browser on any device, even your mobile phone. Moreover, you can let your users access the Web interface and give them various degrees of freedom within. The Web interface can be whatever you want - a helpdesk portal, a self-service portal, a tool for administrators, and much more.
The Web interface is fully customizable, so you can configure it to have the exact views, forms, and operations each user needs. For example, your helpdesk team might need access to a wide range of operations in your directory and Microsoft 365, while HR staff might only need the ability to create user accounts and update their personal information. Each and every job role can have its own Web interface perfectly tailored for its needs.
Adaxes Web interface can act as a self-service portal for regular users. You can granularly specify the operations users have access to, like updating their personal info, changing their own password, searching the directory, managing their own group membership, updating Microsoft 365 licenses, etc.
Adaxes password self-service allows users to reset forgotten passwords and unlock accounts by themselves. To do that, they need to go through a simple identity verification procedure that may involve answering security questions, SMS verification, using authenticator apps like Google Authenticator, Okta Verify and others. Self-password reset can be accessed from the computer login screen (Windows and macOS), Adaxes Web interface, or it can be integrated into your corporate portal if you have one.
Offline and out-of-office password self-service
Adaxes self-password reset also works for users who are offline or out of office. Normally, when they forget their password while working from out of office, e.g. from home or on a business trip, the only way to log in to their laptop again is to come back to the corporate network, even if the help desk resets their password in AD. But with Adaxes, they can go through a standard password reset procedure, as if they were on-prem, with no VPN required. After that Adaxes updates the local credentials cache on the laptop and allows users to simply log in with their new password, no matter where they are.
Exchange and Microsoft 365 automation
Adaxes automates the management of Exchange mailboxes and Microsoft 365 licenses. For example, after creating a new user account in a managed domain, Adaxes can automatically create an Exchange mailbox for the user and then configure it e.g. modify storage quotas, add Send As permissions, and enable mailbox features like Archiving.
On top of that, Adaxes can maintain the M365 licenses of your users so that everyone always has only the licenses they need. For example, you might want to assign licenses based on a user's job role, location, or group membership, and have them automatically removed right when a user changes the role, leaves the group, or even leaves the company.
And, of course, you can manage Exchange mailboxes, and M365 licenses from the Adaxes Web interface. Mailbox and license settings are neatly displayed when browsing user accounts, so you don't need to toggle between different consoles to view and modify them.
Adaxes provides a single management ecosystem for on-premises AD domains, Azure AD domains, Exchange, and Microsoft 365. You can manage as many domains as you need but, more importantly, apply all your automation rules, scheduled tasks, enforced data standards, etc. across your entire environment in a unified manner. It doesn't matter where your domains are located, whether there are trust relationships between them, whether you have a pure on-premises, hybrid, or pure cloud environment.
Adaxes also enables centralized delegation of permissions across all managed domains. For example, one of your divisions might be based in an on-premises domain while another in Azure AD, yet you will be able to delegate all the required permissions to the helpdesk team. Everything including Exchange and Microsoft 365 can be managed centrally without the need to switch between different admin portals and accounts.
Adaxes introduces role-based access control for on-premises AD, Azure AD, Exchange, and Microsoft 365. In a role-based delegation model, instead of assigning permissions to users, they are assigned to roles that correspond to job functions. When you need to change the privileges for all users with the same job function, all you need to do is modify the permissions of the associated role. Roles are assigned to users centrally, allowing you to easily control who can do what and where.
With role-based delegation, you can granularly control which parts of your directory are visible to users. For example, you can allow certain users to view only the objects that are members of specific groups, while hiding the rest of the structure.
Adaxes allows you to add an approval step to practically any operation in the on-premises AD, Azure AD, Exchange, and Microsoft 365. For example, you can delegate user creation to HR, but after they fill in the form and click Create, Adaxes can suspend the operation and only proceed once a member of the IT staff reviews and approves it. For more complex and security-sensitive scenarios, you can set up multi-step approvals. Such an approach allows delegating more tasks to lower-level staff without taking the risk of losing control.
Data standards enforcement
Adaxes allows enforcing corporate data standards in your on-premises AD or Azure AD. It enables you to put format restrictions on certain properties of objects like user accounts and groups. For example, you can make the Employee ID always have two capital letters and five digits. To make sure that fields like Description are never left empty, you can mark them as required. Also, you can limit properties like Department or Office to only have one of the predefined values and display them as drop-down lists. This way, you can keep the data consistent and minimize any mistakes caused by human factors.
Adaxes comes with reporting capabilities, allowing you to monitor and analyze what’s going on in your environment. Out of the box, you get more than 200 reports, which should cover the majority of your requirements. For more demanding scenarios Adaxes also provides various ways to create custom reports, including using scripts. It enables you to create reports of practically any complexity that can be specific to your organization's needs. To deliver reports to users, Adaxes supports centralized scheduling and also provides a self-scheduling option, allowing users to choose by themselves which reports they want to receive and when.
Adaxes can also display report overviews that combine charts from multiple reports and present them in a single view. Out of the box, Adaxes offers general report overviews for risk analysis, directory cleanup, Exchange monitoring, etc. but you can also create your own overviews by combining charts from the reports of your choice.
Adaxes enables you to automate the membership of your groups by making them rule-based. You can establish membership rules for any security, distribution, or Microsoft 365 group, and Adaxes will manage its members for you. For example, you can configure a group to include users with the word Supervisor or Manager in their job title, but only if their account is enabled. Of course, membership rules can be more complex, to accommodate any membership logic.
Rule-based groups are no different from any other group. You can use them to delegate permissions, distribute emails i.e. accomplish everything you can with ordinary groups. Using rule-based groups, you can eliminate the need to manage group members manually and ensure that objects in your directory always have the correct group membership.
Organizational units for Azure AD
Adaxes enables you to create a virtual directory structure of Organizational Units for Azure AD domains. It is completely optional, it has absolutely no effect on your Azure AD, but it greatly simplifies the assignment of permissions, automation rules, and scheduled tasks in Adaxes. Besides, you can arrange users, groups, and resource mailboxes into an easy-to-navigate structure and allow browsing it via the Web interface like a company directory.
Business units are virtual rule-based Organizational Units. They can combine objects from different OUs, domains, forests, Azure AD domains - literally anywhere, and present these objects as if they were in the same OU. For example, a business unit can contain all users whose department is Sales regardless of whether their account is on-premises or in Azure. If a user's department changes, business units are dynamically updated so that they always contain what their rules say.
Business units enable you to create an alternative rule-based structure for your directory. For example, you may have geo-based OUs and, at the same time, arrange users into business units based on their job roles. You can then use business units to assign automation rules, delegate permissions, and even allow users to browse your virtual structure in the Web interface.
Custom commands enable users to launch complex multi-step operations in one go. For example, if an HR manager needs to send an employee on vacation, they can do it with just one click in the Web interface. The operation can include steps like setting an out-of-office reply, adding the account to a corresponding group, sending a notification to the user’s manager, etc. Such an approach allows you to delegate complicated tasks to users without any chance they will miss a step or do something wrong. Besides, you don’t over-privilege them, as you only give out permissions to execute the custom command as a whole instead of individual steps.
Administrators can use custom commands in their day-to-day routines to perform complex workflows for multiple users in bulk, making the process simpler and quicker. Custom commands can also be used to run scripts straight from the Web interface. You can even delegate the execution of scripts to non-technical staff, presenting it like yet another one-click operation for them.
Scheduled tasks let you automate routine processes in your environment. For example, such tasks can automatically deprovision inactive user accounts, maintain group membership of active users, import user changes from an HR system, etc. Automating sensitive operations like user import doesn’t mean that you need to sacrifice any control, as you can add an approval step to them. This way, accounts will be created or updated only after a member of the IT staff reviews and approves the operation. You can also use scheduled tasks to send various notifications to users, like reminders about their password or account expiration.
All operations performed via Adaxes are logged, so you can always see who did what, when, and from which host. The logs are presented in a human-readable format with convenient filters, making it easy to skim through and find specific operations. If you have a centralized log collection system, Adaxes can be integrated with it using the Syslog protocol. Also, you can create reports based on Adaxes logs. For example, managers can get a weekly report on their subordinates’ activity for the past 7 days.
Adaxes provides several APIs that facilitate integrations with external systems. The APIs enable you to programmatically access Adaxes functionality, meaning you can seamlessly fuse it with your existing environment. For example, your HR system that supports such integration can send calls to Adaxes, which will trigger user creation in the on-premises AD or Azure AD along with the rest of the onboarding procedures, like creating an Exchange mailbox, assigning Microsoft 365 licenses, etc. Adaxes offers a REST API, supports the SPML 2.0 protocol, and allows you to take advantage of the ADSI provider to develop advanced integrations using any COM-based language like C++ or C#. For more details, see Adaxes SDK.
Load balancing and
Adaxes provides load balancing capabilities by leveraging multiple Adaxes services and distributing the load across them. It comes with high availability, i.e. in case of a failure of one of the services, users are automatically switched to another one available. In case your environment has multiple locations, you can also distribute multiple Adaxes services across them. This way, users will be automatically connected to the nearest service to them, which helps to minimize latency and optimize network resources.