Advanced Toolware LLC

Healthcare
Automated User Provisioning

Managing sensitive information influences how network security is implemented in many ways. Administrators are always trying to minimize non-essential access to critical areas of the network without imposing too many restrictions on end users. Auditing and logging requirements, such as those of Sarbanes-Oxley and HIPAA, generate extra overhead that is tough to maintain for all employees, administrators and end users alike. Moving towards an automated system is a logical choice that many IT departments make to help solve these network security problems.

For any organization using Active Directory, the concept of user rights and privileges is present throughout all areas of the network operating system and can be a huge burden on administrators if privilege changes are made often. Delegating the task of creating and editing user accounts to someone gives them access to areas of the network that may not be necessary, opening the door to greater risk. Letting a user administer the network with delegated privileges can be a tough balance to strike, as the administrative overhead may not be worth it.

The User Management Resource Administrator can address this issue and solve many problems related to delegation and automation in high-security networks. Administrators can design an infrastructure that co-exists with any existing delegation model, allowing many different end users to operate the network in a secure way. End users connect to the User Management Resource Administrator Service to manage Active Directory through a proxy-like system that prevents them from managing the network directly, while still letting them carry out the same tasks as before. The only difference is that the user is not required to have administrative rights, or even access to the specified resource, because they are not the ones talking to the network. The User Management Resource Administrator performs all operations in the background on behalf of the end user, using the template designed by the IT administrators.

This template can contain all required logging, notification and administrative actions that define the process. An example task would be creating a new user account, with individual actions listed below:

  1. The End User operating the User Management Resource Administrator fills out a GUI or web-based form with all information in advance
  2. User Management Resource Administrator performs the requested operation in the background:
    • Creating the user account in AD, with unique user name
    • Assigning the correct group memberships for job/role
    • Placing the user in the correct organizational-unit (OU)
    • Filling out all required attributes (office name, phone number, title, department, etc.)
    • Creating an Exchange Mailbox with correct storage group placement
    • Creating a secure Home Directory (automatically assigned NTFS permissions)
    • Sending an e-mail to the End User with information about the new account
    • Logging information to SQL for auditing & reporting purposes (HIPAA, SOX)
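The proxy pattern described above, sketched as an added example (not the vendor's code or the product's API). The template contents, class and field names are hypothetical, and an in-memory dictionary and list stand in for Active Directory and the SQL audit table. It shows the security-relevant point: the OU and group memberships come from the administrator's template, never from the requester's form, and every request is audited whether it succeeds or not.

```python
import json
import re
from datetime import datetime, timezone

# Hypothetical template authored by IT administrators (all values constructed).
TEMPLATE = {
    "allowed_fields": {"first", "last", "role", "office", "phone"},
    "roles": {
        "nurse": {"ou": "OU=Nursing,DC=example,DC=org", "groups": ["Clinical-Staff"]},
        "billing": {"ou": "OU=Billing,DC=example,DC=org", "groups": ["Billing-Users"]},
    },
}

class ProvisioningBroker:
    """Acts on the directory under its own identity; requesters hold no directory rights."""

    def __init__(self, template):
        self.template = template
        self.directory = {}  # in-memory stand-in for Active Directory
        self.audit = []      # stand-in for the SQL audit table

    def _unique_name(self, first, last):
        base = re.sub(r"[^a-z]", "", (first[:1] + last).lower())
        if not base:
            raise ValueError("name yields an empty account name")
        name, n = base, 1
        while name in self.directory:  # jsmith, jsmith2, jsmith3, ...
            n += 1
            name = f"{base}{n}"
        return name

    def create_user(self, requester, form):
        try:
            extra = set(form) - self.template["allowed_fields"]
            if extra:  # e.g. a form that tries to supply its own "groups"
                raise ValueError(f"fields not in template: {sorted(extra)}")
            role = self.template["roles"].get(form.get("role"))
            if role is None:
                raise ValueError("role not defined in template")
            name = self._unique_name(form.get("first", ""), form.get("last", ""))
            # Placement and privileges are taken from the template only.
            self.directory[name] = {"ou": role["ou"], "groups": list(role["groups"]),
                                    "office": form.get("office"), "phone": form.get("phone")}
            outcome = {"result": "created", "account": name}
        except ValueError as exc:
            outcome = {"result": "denied", "reason": str(exc)}
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append(json.dumps({"ts": stamp, "requester": requester, **outcome}))
        return outcome
```
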

Figure: Create User Script

 


 

Advanced Toolware LLC.
800 15th Ave South West
Puyallup, Washington 98371
U.S. Toll Free: 1-888-770-4242
International: (253)770-4823
Fax: (253)435-4966

Copyright © 2007 Advanced Toolware, LLC. All rights reserved.