Active Directory: How to grant access to non-technical users?

Published: 07/2022

Active Directory is an extremely comprehensive and powerful tool, but many only use it for basic administration functions. Those who manage AD on a daily basis are not necessarily technical, and it quickly becomes tedious to automate and secure accounts. Let's look at how to simplify Active Directory management with an IAM tool.


Active Directory, or AD for those in the know, is an identity directory for managing accounts and entitlements for access to the company's IT resources.

The name evokes one of three things: a technical tool with enormous possibilities; a mine of information that, with a lot of experience, you can navigate to find what you are looking for; or a nightmare that ties your stomach in knots at the mere idea of getting your hands dirty, an austere tool where nothing is simple!

If you cherish AD, you are unlikely to have landed on this article, so I will speak directly to the rest of you, for whom AD is not obvious.

Active Directory Uncensored

Active Directory is, of course, very useful for managing user accounts, but it is not at all intuitive. It is very technical, austere, complex, and even dangerous if you delete elements, because it is very difficult to know who performed which action. This means that if someone deletes a folder (called an Organizational Unit, or OU) in AD, it will be very difficult to identify the author of this deletion unless you use third-party software. Suffice it to say that you are moving to the expert level 😎.

How is AD used in your company, and are there any experts?

For many companies, the use of Active Directory is limited to a very basic use: the creation and modification of accounts as well as the suspension of accounts. AD is a central tool in a company because it is the pillar of authentication for "on-premise" applications, but it is very often poorly used and poorly maintained.

Few people want to get their hands dirty, but for certain information, it is necessary to do so; otherwise, the Active Directory quickly becomes poorly managed.

And even if there are experts...

IT departments have other responsibilities besides creating accounts. If your team includes an engineer or expert, their skills are better utilized for more relevant tasks than account creation. The company can leverage their expertise in other critical areas.

Low value-added IT tasks

Manage Active Directory without technical skills?

When we think of Active Directory, we often associate it with the IT department, but in many companies, account creation is not necessarily the responsibility of IT. We find office managers, HR personnel, or even general services who oversee the administrative management and creation of accounts for a new arrival, for example.

So yes, AD can be managed by people without IT skills, but in that case the tool becomes a headache for those who have to deal with it (too specialized, with a very austere user interface).

Furthermore, we do not grant access to the Active Directory itself, but rather to specific AD functionalities (account creation, suspension, modification, etc.).

The underlying idea is that a specialist installs and configures Active Directory within your company, then grants you access to functionalities, but you won't need to call them for every minor issue.

I'm going to use a metaphor that we like at Youzer: when you have your house built, you call an electrician to install the electrical network in your home, but then you don't call him every time you need to turn on the light, that goes without saying. Why? Simply because there is a simple and effective tool, the switch!

Why continue managing 'simple' tasks directly in AD?

Now, I'm probably going to ruffle some feathers, but whether it's IT people or people without IT skills, everyone needs to make their AD management easier. Specialists will tell me no, we're doing very well and the tool suits us. Yes, but.

Yes, but how much time do you spend performing actions such as modifying an organizational unit? How do you monitor privileged accounts? How do you monitor duplicates, orphaned accounts, and other anomalies? How much time does it take you to reconcile accounts, and to handle all the actions that, being a little out of the ordinary, send you to PowerShell?

So why wouldn't all IT professionals be inclined to use simpler solutions to manage AD?

CIOs are certainly very interested in this type of solution, as they see it as a time saver for their teams, providing clarity and independence from the AD (where there is a strong dependence on technical skills).

People working in IT also like to have control over the entire tool (which AD allows), and there is a familiarity bias: users have more confidence in a product they know (even if it is complex) than in something new.

So let's see how to simplify this usage.

How to simplify the use of Active Directory?

There are several tools that let you manage AD through an intermediate solution. They make it easy to perform tasks that take a lot of time in Active Directory. Of course, Microsoft provides documentation, but it is incredibly technical (and discouraging for the less technically inclined).

I will talk about IGA here, what is it? IGA or Identity Governance and Administration is a solution for managing users, their accounts and their applications. IGA is the management of entitlements, rights and access. One could say that IGA is the administrative part of IAM.

An IGA solution therefore performs 100% of the basic tasks you need on a daily basis very well. Depending on the solutions, you can quickly end up with complex systems.

Logically, if you're here to simplify AD, it would be foolish to go with an ultra-complex identity and access management solution 🙃…

How does IAM work?

To understand the value of an IAM tool, it is necessary to understand how it works. The tool connects to your Active Directory and gathers information from your accounts.

You manage your AD from your identity and access management platform. Thanks to the very quick installation of an agent, you can create, suspend, and modify accounts, manage security groups, and manage organizational units (OU).

Note: Through an IAM, you can integrate all your software and applications to manage all accounts from the platform. An IAM is designed to connect to your HRIS or HR database to reconcile users and accounts.
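The reconciliation between HR data and AD accounts described above, as an added example (not Youzer's code): it matches a constructed AD export against a constructed HR roster and reports orphaned accounts, departed employees whose accounts are still enabled, duplicates, and active employees with no account. The CSV column names and the use of an employee ID as the matching key are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not real users): an HR roster and an AD account export.
HR_CSV = """employee_id,name,status
1001,Alice Martin,active
1002,Bruno Leroy,departed
1003,Chloe Petit,active
1004,Denis Roux,active
"""
AD_CSV = """sam_account_name,employee_id,enabled
amartin,1001,true
bleroy,1002,true
cpetit,1003,true
cpetit2,1003,true
svc_backup,,true
jdoe,1009,false
"""

def reconcile(hr_csv, ad_csv):
    """Match AD accounts to HR records (assumed key: employee_id) and list anomalies."""
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    enabled_by_emp = defaultdict(list)
    report = {"orphaned": [], "departed_still_enabled": [], "duplicates": {}}
    for acct in csv.DictReader(io.StringIO(ad_csv)):
        enabled = acct["enabled"].strip().lower() == "true"
        person = hr.get(acct["employee_id"].strip())
        if person is None:
            # No HR record behind the account: orphaned if it can still log on.
            if enabled:
                report["orphaned"].append(acct["sam_account_name"])
            continue
        if enabled:
            enabled_by_emp[person["employee_id"]].append(acct["sam_account_name"])
            if person["status"] == "departed":
                report["departed_still_enabled"].append(acct["sam_account_name"])
    for emp_id, names in enabled_by_emp.items():
        if len(names) > 1:
            report["duplicates"][emp_id] = sorted(names)
    # Active employees with no enabled account: an arrival that was never provisioned.
    report["missing_account"] = sorted(
        e for e, p in hr.items() if p["status"] == "active" and e not in enabled_by_emp)
    return report

if __name__ == "__main__":
    for finding, items in reconcile(HR_CSV, AD_CSV).items():
        print(f"{finding}: {items}")
```

Service accounts such as the constructed `svc_backup` show up as orphaned because they have no HR record; in practice they need an owner recorded elsewhere rather than automatic suspension.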

The IGA tool must have a user-friendly interface, ease of management, clarity of information, and must report relevant information for account and user management.

A person who does not have technical skills will work in a more fluid, more modern environment, with an almost playful system for keeping the accounts on their IS up to date.

The main objective is (let's remember) to facilitate account creation, clean up the IS, and suspend accounts. All with the goal of internal satisfaction (granting access to users) and security for the company (deleting orphaned accounts).

Since I started with cognitive biases, here is another one that interests us in our case: the spark effect. A user is more likely to perform an action if the effort required is low. A user without technical skills will therefore be more inclined to take serious care of your accounts if the management tool is practical and user-friendly!

Thus, at Youzer, we have created a platform on which you have a dashboard that summarizes your arrivals and departures, accounts in error, and automates the creation and suspension of accounts. This encourages the IAM user to easily clean up their accounts in error.

Furthermore, with each connection, you receive a reminder of the actions you need to take to ensure everything is in order, actions that do not take much time.

Admit that it's tempting to leave this unfinished:

The difference between AD and IAM in basic management:

🙂 The IAM tool gives you levers for action.

😣 AD allows you to perform actions, but you have to do everything manually or configure your actions, requiring significant expertise.

🙂 The information is already analyzed and reported in a readable way.

😣 The information is raw; it's up to you to search for it to analyze it.

🙂 Arrivals and departures are displayed, erroneous accounts are notified, and you are informed of the actions to be taken.

😣 Nothing pops up in Active Directory; everything is there, but you will have a lot of trouble finding duplicates or orphaned units. For arrivals and departures, you're in for long email exchanges between HR and IT.

🙂 A non-technical person can easily manage their company's accounts; moreover, a customer service is there to help them in case of difficulties.

😣 A non-technical person will absolutely have to train on AD before taking it over, otherwise they risk making more or less serious mistakes. Technical documentation is available to help in case of difficulty.

Curious to learn more? Schedule an appointment to see how to manage your AD with a simpler tool!
