Total Control of User Provisioning and Administration for Active Directory and BeyondActiveRoles Server ActiveRoles Server can help you manage, automatically provision, re-provision and, more importantly, de-provision users quickly, efficiently and securely in Active Directory, AD LDS (formerly ADAM) and beyond. ActiveRoles Server provides strictly enforced role-based security, automated group management, change approval and easy-to-use Web interfaces for self service to achieve practical user and group lifecycle management for the Windows enterprise.
-------------------- "We've experienced a number of benefits of the system, not the least of which is faster, easier provisioning. The user-creation process used to take up to 25 minutes, and now can be accomplished in about a minute.” —Siegfried Jagott, Consultant, Siemens Business Services (View All Customer Case Studies) -------------------- Businesses today grow and change at a frantic pace, making Active Directory (AD) management one of the most time-consuming IT tasks. AD administrators struggle to keep up with requests to create, change or remove user access to various network resources. With the advent of compliance regulations like the Sarbanes-Oxley Act (SOX), and the intense scrutiny they place on access to business-sensitive applications, organizations can no longer rely on numerous cost consuming manual provisioning processes to maintain compliance. Add to that the need to tightly delegate control of AD among various administrative groups, provide self-service capabilities to users to lighten the IT burden and involve key people in IT processes through change approval, it’s no wonder that today’s AD administrators need help.
Tight Security with Role-Based Administration for AD and AD LDS
ActiveRoles Server offers flexible, granular access controls with role based delegation to ensure that every administrative action taken is consistent with your organization's security standards. You can audit role definitions, assignments and permission entries in Active Directory—all from the ActiveRoles Server console. Enterprise-wide review of access rights is as simple as running one of the pre-built reports that ship with ActiveRoles Server.
ActiveRoles Server’s unique architecture creates a security boundary around Active Directory, so you can reliably manage AD access rights and guard sensitive information. This is the only way to guarantee compliance with security policies.
Speed User Provisioning with AutoProvision™ Policies ActiveRoles Server automates user provisioning tasks to reduce your administrative workload and get new users up and running faster. Reprovisioning and deprovisioning is automated as well, so when a user’s access needs to be changed or removed, updates in Active Directory, Exchange and Windows are made automatically, thereby reducing administrative workloads and making users more productive faster – all leading to significant cost savings for your organization! Decrease Costs by Automating Your User Provisioning Process
With the addition of ActiveRoles Quick Connect (optional add-on application to ActiveRoles Server), ActiveRoles Server provides integration with data sources such as HR and ERP systems or Microsoft’s Identity Lifecycle Manager 2007 (formerly known as MIIS) so that AD and other resources can be updated automatically, streamlining data entry. Data entered into one system is automatically reflected in AD, eliminating costly data entry errors and duplication of effort, and saving valuable time and effort. Lower Administrative Costs with User Self Service With the simple assignment of self-service roles, end users can carry out administrative tasks, such as modifying their Microsoft Exchange contact information, through a simple to use self-service Web interface. Due to the reliable enforcement of business roles and rules, ActiveRoles Server makes self-administration safe and secure, while allowing IT to manage (but not necessarily participate in) these time-consuming tasks. Centralized Reporting for All Administrative Operations
Centralized audit logs on all directory-related actions show who performed what actions and who tried to perform actions that were not permitted. By logging all actions in a centralized fashion, ActiveRoles Server allows administrators to quickly identify, troubleshoot and investigate issues, saving time and increasing administrative efficiency. Involve Decision-Makers in Key IT Processes
By providing policy-based approval workflow, ActiveRoles Server decreases errors and inconsistencies in the processes of directory data management, including provisioning and de-provisioning. Robust approval procedures allow an IT process and oversight to be established and aligned with business requirements, putting efficient responsibility chains to complement the automated management of directory data in place. Protect Critical Data with Business Policies
By strictly enforcing operating policies and eliminating unregulated access to sensitive resources, ActiveRoles Server ensures the security of your business-critical data. In addition, ActiveRoles Server enables the integration of business processes and provides a detailed audit trail of all directory-related changes. This level of control and security is a must for legal or regulatory compliance initiatives. Administer and Provision More with One Console FREE SPML Provider – Quest offers, free of charge, an SPML 2.0 (service provisioning markup language) provider that allows any system that generates an SPML formatted request to connect through a web service and provision Active Directory. This software, exclusively from Quest, can also be used in tandem with ActiveRoles Server to better integrate Quest ActiveRoles Server into heterogeneous environments. - AD and ADAM/AD LDS - ActiveRoles Server provides side-by-side management of both AD and AD LDS creating a single point of administration, delegation, policy enforcement and change control for all Microsoft Directory Services. ADAM was recently renamed by Microsoft to Active Directory Lightweight Directory Services (AD LDS).
- Entitlement Access - Manage entitlement access including Exchange, network resources and JAVA applications. ActiveRoles Server can also manage key user assets, including AD accounts, Exchange mailboxes and home directories. It provides a practical approach for managing the entire user lifecycle including assignment of user entitlements. Once an AD account is provisioned, access to directory-enabled applications can be granted automatically. For example, the AutoProvision Policy for Group Membership allows you automate the assignment of entitlements, such as network resources or Java Applications through Quest’s Vintela Single Sign-on for Java.
- Unix/Linux Users and Groups – ActiveRoles Server extends management control to Unix, Linux, and Mac identities, including users, groups and computers, through Vintela Authentication Services. Decrease your administrative costs and better leverage your third party management solutions by utilizing this unique technology.
ActiveRoles Server is an Extensible Solution
With ActiveRoles Server you can customize and extend provisioning, management, security and automation through ADSI scripts or PowerShell. Both scripts and PowerShell commands are subject to the same roles and policies as day-to-day administrative users so you can be confident that they will be executed properly, by the correct people, and trigged by events you define. In addition to scripting and PowerShell support, several optional add-on applications (listed below) can be added to ActiveRoles Server to provide for advanced management capabilities. Quest ActiveRoles Quick Connect provides integration to HR/ERP application or Microsoft Identity Lifecycle Manager 2007 (formerly MIIS) to completely automate the provisioning process and synchronize system data with AD. Quest ActiveRoles Exchange Resource Forest Manager enhances the multi-forest capability of ActiveRoles Server by synchronizing the provisioning between a User Account Forest and the Exchange Resource Forest. Additionally, it provides a single point of management combining user properties from both the Resource Forest and the User Forest. Quest ActiveRoles DNS Manager extends the capabilities of ActiveRoles Server to further protect and secure AD by providing a powerful, easy to deploy and use web-based console that facilitates secure delegation and execution of DNS data management tasks.
Quest ActiveRoles Self-Service Manager (NEW!) provides controls to let Administrators empower application and data owners to self-manage their resource access groups in a secure and compliant manner. By empowering the information owner the burden of access management and compliance is moved from IT, to the person who understands the business justifications for granting access. Getting started
|