Wednesday, January 5, 2011

Password Management Leads to More!

A recent pilot project at a large Canadian manufacturing firm, with about 3,500 employees, resulted in successful implementation and purchase. After evaluating numerous vendors over a 6-month period, this diverse, global manufacturer decided on a pilot implementation of Tools4ever products as a proof of concept. We deployed several of our standard products, along with professional services, to meet the client's requirements. Here is a brief synopsis of their requirements and how we set about providing a total solution.

The first phase of the project was to provide a standard methodology to allow end users to reset their Active Directory passwords without calling the helpdesk. In addition to modifying the Windows login screen, a web portal was also required to facilitate resets from machines that were not part of the domain. Further, both components needed to be available in English, French, Spanish, German and Finnish. Self Service Reset Password Manager (SSRPM) provided the needed functionality out of the box, with the only shortfall being native support for Finnish. However, as all the text for the Enrollment and Reset Wizards is contained in a locale file, the modification for Finnish was accomplished by the client in about 45 minutes.

The second phase of this project involved the use of User Management Resource Administrator (UMRA) Web for Employee Self Service and Delegation, and Password Synch Manager. The desired result of this phase was to be able to reset a user’s SAP password at the same time as, and using the same password as, the AD password. In order to accomplish this, it was necessary to collect the SAP user name from the end users, as there was no relationship established between the AD and SAP credentials. A number of other attributes, such as manager’s name and cell phone, were also collected for populating AD. Once this phase was completed, an end user could perform a normal password reset through Ctrl-Alt-Del or reset a forgotten password through SSRPM, and the password would automatically be reset in both AD and SAP.

The third and final phase of the project involves the UMRA Delegation and Workflow components. The company has a large number of consultants and temporary employees. When their accounts are created in AD, they will be tagged with an anticipated expiration date in Active Directory. Two weeks prior to this date, the manager will be notified of the pending action and given an opportunity to extend the date. If no action is taken, a second notice will be generated one week prior, and then again the day prior to expiration. If no action is taken before the expiration date, the account is automatically disabled and moved to a separate OU. After 30 days in a disabled state, the account is automatically deleted from AD. This process provides an automated methodology for keeping AD clean.
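The Phase 3 schedule can be written as a small daily decision function. This is an added example, not UMRA's own workflow code: the `Account` record, the function names and the sample dates are constructed, the rule that an extension restarts the notice cycle is an assumption, and the code only returns decisions rather than touching AD.

```python
from dataclasses import dataclass, replace
from datetime import date, timedelta
from typing import Optional

NOTICE_DAYS = (14, 7, 1)      # per the post: two weeks, one week, one day before expiration
DELETE_AFTER_DAYS = 30        # per the post: days spent disabled before deletion

@dataclass(frozen=True)
class Account:                # hypothetical record, not an AD or UMRA object
    name: str
    expires: date
    disabled_on: Optional[date] = None
    notices_sent: frozenset = frozenset()

def next_action(acct, today):
    """Decide today's action; returns (action, days_before_expiry or None)."""
    if acct.disabled_on is not None:
        aged = (today - acct.disabled_on).days >= DELETE_AFTER_DAYS
        return ("delete", None) if aged else ("none", None)
    days_left = (acct.expires - today).days
    if days_left <= 0:
        return ("disable_and_move", None)
    # Thresholds already crossed but not yet notified (covers a missed daily run).
    due = [d for d in NOTICE_DAYS if days_left <= d and d not in acct.notices_sent]
    return ("notify_manager", min(due)) if due else ("none", None)

def step(acct, today):
    """Apply today's decision to the record; returns (action, detail, updated account)."""
    action, detail = next_action(acct, today)
    if action == "notify_manager":
        # Mark this and all earlier thresholds sent so a late run sends one notice, not three.
        sent = acct.notices_sent | {d for d in NOTICE_DAYS if d >= detail}
        acct = replace(acct, notices_sent=frozenset(sent))
    elif action == "disable_and_move":
        acct = replace(acct, disabled_on=today)
    return action, detail, acct

def extend(acct, new_expiry):
    """Manager extends the date (assumption: the notice cycle restarts)."""
    return replace(acct, expires=new_expiry, notices_sent=frozenset())

def simulate(acct, start, days):
    """Run the daily job and return the non-idle events as (date, action, detail)."""
    events = []
    for offset in range(days):
        today = start + timedelta(days=offset)
        action, detail, acct = step(acct, today)
        if action != "none":
            events.append((today, action, detail))
        if action == "delete":
            break
    return events
```

Tracking which notices were sent, rather than comparing against an exact day count, keeps the job correct when a scheduled run is skipped.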

Shortly after wrapping up Phase 3, the company will begin to look at other Tools4ever solutions, including Enterprise Single Sign On and automated user account provisioning. To learn more about Tools4ever solutions, visit our website:
Identity Management
