My name is Shawny Reiner. I'm a strategic systems consultant for Quest. I've been with Quest for about five years. But in addition to being a Quest customer, I've been in the IT industry for approximately 20 years, with Active Directory as my primary focus.
On Demand Group Management, or ODGM, is a self-service group management solution that places the onus of group and membership management on the requester and the data owners rather than the IT organization. Part of that management is the attestation process and workflows to ensure group and membership is certified and accurate.
ODGM presents a powerful feature called resources. A resource is an entity within ODGM with a friendly name, easily recognized by the end user population. Groups, known as ODGM roles, are associated with a resource. It is the role of the group that provides access to the requester's needed items, such as an application or a share. This capability eliminates the need for the requester to hunt through massive lists of groups with names that are not clearly conducive to the group's purpose. This short video is designed to demonstrate the resources feature of the On Demand Group Management solution.
What you're looking at is the admin's view of ODGM. From the Resources tab, we can manage and create new resources and existing resources. It is important to note that the IT admin does not have to be the creator of the resources. Resources can be created and managed by the data owners, and it can be safely done because of policies, security parameters, and attestation workflows that are associated to all groups and resources from ODGM. Policies such as naming conventions, security parameters as to who has access, who can create, who can't, et cetera.
So to create a resource, click Add. You want to select a resource type. In this case, I'm creating a finance analyst resource, so I'm going to choose Finance. These resource types are just for the purpose of administration ease.
Then you're going to select a category. The category is the part that associates those policies, security parameters, attestation workflows. So it's important to associate the right category to the resource, because it controls all of that. Then you're going to give it a name that's descriptive and friendly, such as Finance_Analyst_Resources.
Fill in some of the other parameters. The description is very important, because this lets the end user know exactly what the resource is for. In this case, we're going to give them access to a finance application, a finance distro, and a finance share. And then you select an owner. Again, it does not need to be the admin. It would normally be the finance manager or someone like that.
So once you have the resource added, you can assign roles. And these are the groups that actually have the access to the items. So we click Add Role. And I'm going to call this one FinanceShare. And we'll say it's read/write access to the share.
We'll create another role for the finance application. We'll say maybe it gives create access to the app. And finally, we will add the distro. And we'll say it places the employee in the distro.
Now that we have that created, these are available to the end user for selection. So let's take a look at what that looks like. So I'm now in the self-service portal, under Paul, who's a new finance hire.
Paul selects the Gallery. He selects what looks to be the correct item that he needs, Finance_Analyst_Resources, and he selects Join. He chooses a reason why he wants to be a member of each of these roles or groups and submits his request. And he does this for each one of them, which gives him flexibility if, for some reason, he does not need to be a member of one of them.
Now that he's done that, the owner will get the request for approval or rejection. So let's take a look at that. So when we switch back to the owner's view, the owner of the finance-- in this case, the directory admin-- and go to the activities and approvals, you see Paul's requests here. And you can simply approve or reject them. You could also view the information, which will show you those reasons for the request.
Once those are approved, Paul is now a member of those groups and able to access his resources from a simple, single request of a grouped resource so that he didn't have to guess what he needed access to. I hope you found this interesting. Please look for other feature demos, white papers, blogs, and technical documentation about the ODGM solution.