The whole point of identity and access management (IAM) is to ensure that the right people have the right access to the right stuff at the right time in the right way and that all the other right people say that it’s okay that they have that access. The vast majority of IAM projects aspire to “get it right” across the entire enterprise (applications, data, and systems), including all user populations (employee, administrator, partner, customer, etc.) and all access types (on-prem, remote, BYOD, etc.), but they usually get bogged down with one system or another and end up going way over budget, running extremely long, and becoming mired in the minutiae of access control at the expense of governance objectives.
In my many years dealing with these types of IAM projects, I’ve seen that quite often the system that bogs down the project is Active Directory (AD). This may be due to the importance and ubiquity of AD in the enterprise and the fact that “cookie cutter” IAM simply doesn’t work with AD. As a result, heavy amounts of customization are required of the IAM solution, or manual processes must be implemented, simply to achieve minimal AD management and security functionality. There are a few common themes that are relevant with regard to AD in enterprise IAM:
The highway to IAM success is littered with organizations that could not get past the AD roadblock and highlighted by some who found the way to move beyond AD.
The challenges of managing AD with native tools or custom integration with an IAM framework should be obvious to anyone who has tried either. It all comes down to the potential power of managing AD correctly, and the difficulty of actually doing it. At Dell, as illustrated above, we’ve cracked that nut and have out-of-the-box automation and security for AD that is second to none. We’ve written a white paper called Active Directory Security Challenges … Solved! that details where the opportunities lie to get AD running smoothly so you can move on to the next challenge.
And if you want to learn more about the power of good AD management in an enterprise IAM program, read: Access Control is Easy, Use Active Directory Groups and Manage them Well.