Imanami: Hassle-Free Active Directory Group Management

Follow Imanami on :

Robert Haaverson, CEO and Jonathan Blackwell, Product Manager, Project Manager & Technology Evangelist
It is no secret that effectively managing Active Directory groups is critical to shoring up security in an organization while invigorating efficiency of both a company’s IT department and general workforce. Even so, more often than not, group management is dismissed as a rather routine, unimportant task, which undeniably is a recipe for disaster in the making. To put things in perspective, Robert Haaverson, a software architect veteran and the CEO of Imanami, calls to mind a spot-on analogy presented by Gartner in one of its reports on Active Directory groups, referring typical conditions surrounding group management as “hardening of the arteries.” He stresses on the fact that employees move locations, change departments, and start new groups all the time. Evidently, organizations and IT departments—that miss out on ensuring that the objects in the Active Directory do not outlive their purpose—become susceptible to huge security risks, which resemble the “danger lurking in the waters” or the “heart attack waiting to happen.” To this end, California-based Imanami, a Microsoft Gold Certified Partner and a leading Group and User Lifecycle Management solutions provider for any directory, brings forth its purpose-built solution—GroupID—to streamline the management of Active Directory groups. The robust solution empowers IT professionals with the right tools to effectively and automatically provision and manage users and groups while always keeping them up to date.

As Jonathan Blackwell, product manager, project manager and technology evangelist at Imanami, puts it, “One of the primary issues with efficiently maintaining the Active Directory is that the people who are responsible for the management of groups often do not have the requisite knowledge to make informed decisions and choices.” As employees change roles, departments reorganize, and project teams disband, it becomes essential to effectively provision and manage users so that the right people have access to the right information, ensuring users are not over-privileged or permissioned. While usually, it is the IT team that is entrusted with managing access, in reality, the onus is on the business owners or application owners—“the true stakeholders”—to maintain the accuracy of the directory, manage groups efficiently, and attest that the right people are on a particular group. Nonetheless, the problem is largely ignored until it snowballs into a large-scale organizational threat. “GroupID focuses on that aspect and allows users to proactively address the issue through a two-pronged approach of automation and delegation,” adds Haaverson.

With GroupID, automatically updating user information as and when it changes along with enabling IT to establish policy and workflow around how groups should be configured is a breeze. Additionally, the GroupID software suite streamlines the process of keeping groups up-to-date and accurate and simplifies the otherwise cumbersome task of group management. Comparing information to keys, Blackwell mentions that as employees change jobs, they get access to more keys, and while their key rings grow bigger in size, what often goes unnoticed is the key that they no longer require. “That’s what we do.
We make sure that your keyring contains only the keys you need,” he quips. To paint a clearer picture, Blackwell mentions one of Imanami’s clients—a branch manager at a large San Francisco-based bank—that needed access to a vault in Oakland after being transferred. While to ensure optimum productivity they were granted access to the vault in Oakland, what was dismissed is the fact that they still hold access to the vault in San Francisco, which might spawn significant problems in future. To address such concerns, GroupID leverages HR resource data to smartly automate the provisioning and deprovisioning of users, allowing IT professionals to quickly enter users in the distribution and security groups and easily manage them across multiple systems.

To add to that, attestation plays an important role when it comes to strategically managing Active Directory groups. However, without proper enforcement of group lifecycle, attestation becomes irrelevant since it would entail no consequences for group owners. With the help of GroupID, users can initiate an expiration/renewal lifecycle for groups, which in turn, necessitates stakeholders to share the responsibility of groups, maintain their accuracy, and avoid a group glut by getting rid of the ones no longer required. “Lifecycle is the key to ensuring that no group, user, or object is created in perpetuity and outlives its purpose,” asserts Blackwell.

To exemplify the benefits and value Imanami brings to the table, Haaverson recalls a client engagement wherein his company worked in close collaboration with a premium Telco organization to assist them with Active Directory and identity and access management. The client had an entire help desk dedicated to dealing with Active Directory problems and making necessary changes. However, when an email storm severely hindered the productivity of the client’s business, Imanami came to their rescue. The root of the issue was an unofficial email sent out accidentally to a large group of about 100,000 people that are using the fax server. The problem multiplied as other members of the group responded to the same mail and replied to all, resulting in massive internal spam. While employees using modern email systems were equipped to handle the email overload, the situation was critical in remote offices operating on satellite links. Imanami stepped in and started with locking the group down and then deployed GroupID to address the problem holistically, allowing the help desk staff to focus on more mission-critical IT tasks.

The core of Imanami’s uniqueness lies in its multi-layered approach to managing Active Directory comprehensively through automation, lifecycle enforcement for efficient attestation, and delegation. Besides, GroupID also brings the potential to control and manage both on-premise and cloud-based directory along with any of the associated applications. As businesses incline more toward cloud services and applications, be it a hybrid environment or completely cloud-based, GroupID is poised to align with the demand. “For instance, internally we use GroupID hosted in Azure while our customers run our platform on AWS or some other hosted environment as well as data centers,” explains Haaverson. Also, to further strengthen the attestation process, Imanami has plans to enhance the capabilities of its software suite for revealing how groups are being used to perform important tasks and provide customers with insights on that.

Company
Imanami

Headquarters
Livermore, CA

Management
Robert Haaverson, CEO and Jonathan Blackwell, Product Manager, Project Manager & Technology Evangelist

Description
California-based Imanami, a Microsoft Gold Certified Partner and a leading Group and User Lifecycle Management solutions provider for any directory, brings forth its purpose-built solution—GroupID—to streamline the management of Active Directory groups. The robust solution empowers IT professionals with the right tools to effectively and automatically provision and manage users and groups while always keeping them up to date. The core of Imanami’s uniqueness lies in its multi-layered approach to managing Active Directory comprehensively through automation, lifecycle enforcement for efficient attestation, and delegation. Besides, GroupID also brings the potential to control and manage both on-premise and cloud-based directory along with any of the associated applications

Imanami