Limit Active Directory Elevated Privileges with IDM

by Bob Giguere | December 13, 2024

Increase security and reduce operational overhead with IDM automated management of Active Directory.

Current Situation: Like most organizations, this one used Active Directory as its primary network directory. Creating accounts for new hires, assigning group membership, enabling/disabling accounts, and related tasks were done manually.

Impact: There could be hundreds of updates needed in Active Directory on any given day. These updates were performed by the help desk team manually. In addition to the time loss due to the manual effort, the organization had to grant elevated privileges in Active Directory to multiple resources on the help desk team.

Resolution: GCA implemented the SailPoint IdentityIQ (IIQ) Lifecycle Manager product, which took over the management of Active Directory for the most common tasks. When new hires are aggregated from the HR system and connected to IIQ, accounts are created automatically in Active Directory. In addition, birthright roles are assigned, which grant Active Directory group membership. This integration enabled the help desk team to work on higher-value items, improved the organization's security posture, and made updates happen in real time.