By Neil Burton

As independent IT consultants, we find ourselves working with a wide variety of organisations. And although we pride ourselves on our tailored solutions, it’s fair to say that over the last 20 years there are some challenges that are common to many of the businesses we support. One of these is helping our clients strike a balance between keeping control over sensitive operations in Active Directory whilst, at the same time, reducing the amount of time that valuable IT personnel are required to spend on them.

To solve this conundrum we turn to Adaxes. It enables our clients to add an approval step to practically any operation performed in Active Directory, Exchange and Office 365, so that the execution of various tasks can be delegated to lower level authorities without sacrificing any control.

How It Works

To see how approval-based workflow can benefit your organisation we’ll imagine a company with a typical structure including an IT department. There’s an administrator (we’ll call him Tim) who’s responsible for user account creation, maintenance and deprovisioning. Tim’s managers don’t want him using his time and skills to perform such routine tasks so we’ve recommended Adaxes. It allows Tim to delegate all user creation procedures to the HR department instead, freeing him up to focus on other jobs.

Previously, delegating these responsibilities could mean users being created in the wrong OU or several accounts being created for the same user by mistake. Now Tim just needs to create an approval step that’s triggered before user creation.

So when somebody in HR enters all the personal data of a new employee and clicks the Create button, the operation will be suspended and an approval request will be sent to Tim. After a quick check, Tim can grant permission and the user account is created. If there’s anything wrong, Tim can deny the operation. So with Adaxes, Tim retains full control over the process without getting bogged down by it.

Group Membership Management

Another area where Tim’s managers would like him to spend less of his valuable time is managing user group membership - for printer access, shared folders etc.

Previously, if users required access to any of the company resources, they needed to email the IT department to request it. Administrators then had to check if the user really needed these access rights and possibly also ask their managers.

But with Adaxes, administrators can be excluded from this chain without losing control over the process.  Instead, users can be enabled to add themselves to groups after an approval is granted.  Freeing Tim up this way requires no specific technical skills or extra training for managers.  They simply check if a particular user really needs new access rights, proceed to the Web UI and either approve or deny the operation.

To make this happen all Tim has to do is create a rule in Adaxes that would be triggered before a user is added to a group. Again, the operation is suspended until approval is granted. What’s more, Tim can be really flexible when defining the approvers list, choosing specific managers or someone from the predefined options including manager of the requestor, owner of the requestor’s OU etc. The approvers list will be formed depending on the actual operation. But if Tim wants to create a list of approvers that will include, for example, manager’s assistants or a list that changes depending on certain conditions, he can use his own custom scripts to extend the out-of-the-box functionality of Adaxes. And for some security sensitive operations he can add multi-level approval.

Controlling Automated Tasks

Some tasks have nothing to do with users and are automated operations performed either regularly or triggered by certain events such as an AD clean-up that runs periodically and deprovisions stale user accounts, deletes inactive computers, empty groups, etc.

Adaxes helps here too. To make sure that nothing goes wrong, Tim can add an approval step to any of the operations that are performed automatically (e.g. automatically deprovisioning inactive users). Again, this would mean that the only thing he needs to do is to check requests that are sent to him by email and approve or deny them. This takes significantly less time than doing the same work by hand.

Arrange a demo

As certified professional Adaxes consultants, we can make implementing Approval-Based Workflow easy. We can deliver your Adaxes software licence, install it, configure it to your specific needs and provide ongoing technical support - all under one roof. And in doing so we can significantly increase overall efficiency without compromising control or security, allowing you to better allocate IT resources and your team to focus on the tasks that really matter.


