Self-service workflow to assist in assigning ownership of Active Directory admin, service, and test accounts.
Current Situation: Active Directory was the primary directory for a large healthcare organization. It contained thousands of admin, service, and test accounts with application access and elevated privileges. Most of these accounts did not have an identified owner, and it was unclear who could review the access for these accounts.
Impact: The organization sought to meet HITRUST compliance controls which dictated that all application access needed review every 90 days. These admin, service, and test accounts created a problem because the critical data point, who owned the accounts, was missing.
Resolution: GCA assisted with a data review of these accounts and identified multiple patterns in naming convention or OU placement. For example, hundreds of accounts began with "svc_PACS…" which, by naming convention, recognized the PACs team as the appropriate owner and reviewer.
GCA then created a self-service workflow in SailPoint IdentityIQ to allow their help desk team to perform bulk searches and bulk account owner assignments. This workflow helped resolve a long-standing data issue and enabled the organization to meet their access review HITRUST controls.