• Home
• Topics
• Enterprise Identity and Access Management
• Identity Management Technology and Strategy
• Active Directory and LDAP Security
• Choosing management for Active Directory user provisioning

Choosing management for Active Directory user provisioning

Requires Free Membership to View

Login



SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Of course the answer to this question is: It depends. The decision regarding who owns provisioning revolves around the enterprise's culture, organizational structure, deployed technologies, departmental responsibilities and capabilities, and political power. Keeping in mind that any one of these parameters can overwhelm the others, know that the user provisioning process -- Active Directory (AD) or otherwise -- is generally owned by the IT department or the information security team. While the help desk may be the initial point of entry into the process, its role in provisioning is generally facilitation and tracking of requests.

As far as the best way to manage user provisioning between groups goes, I'll assume you mean Active Directory groups. This managing is generally done one of two ways: by automation or through workflow. In automated provisioning, the provisioning system has logic programmed into it to automatically create entitlements in the proper Active Directory groups based on a set of parameters entered in the request. In a workflow environment, the decision concerning which group the user will be provisioned to is made by the resource owner -- typically through an email -- and the decision is then sent back to the provisioning system -- typically through an email -- where the system provisions the user based on the resource owner's instructions.

While automated provisioning is quicker, easier and less error-prone, it's also more expensive to deploy and manage. Workflow-based methods are relatively cheap, but they take time, require coordination among stakeholders, and even the best processes are prone to errors either in communication of privileges or in implementation of intended privileges. The right choice for an enterprise depends primarily on the resources it has to invest in user provisioning management and the number of users who need provisioning on a daily or weekly basis.

For more information:

• What are the pros and cons of using authentication that is not Active Directory-based? Read more.
• Learn more about the possible future of the user provisioning market.

Dig Deeper

This was first published in November 2009

More from Related TechTarget Sites

• Cloud Security
• Security Channel
• SMB Security
• Financial Security
• Security UK
• Security AU
• Security IN

• Cloud Security

  • Leveraging Microsoft Azure security features for PaaS security

    Organizations can boost PaaS security late in the game by implementing these stopgap measures.

  • Quiz: Understanding cloud-specific security technologies

    Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.

  • CSA launches cloud security certification initiative for service providers

    Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.

• Security Channel

  • Biometric authentication methods: Comparing smartphone biometrics

    Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.

  • F5 Vault program embraces incentives for F5 firewall, security sales

    The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.

  • Using DMARC to improve DKIM and SPF email antispam effectiveness

    DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.

• searchMidmarketSecurity

  • Windows Phone 7 security: Assessing WP7 security features

    Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.

  • Choosing the best security certifications for your career

    Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.

  • Midmarket security tutorials

    SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.

• searchFinancialSecurity

  • Microsoft attempts legal action to disrupt some Zeus botnets

    Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

  • More than hype: Security big data helps bank to boost security program

    At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.

  • Web application threats: What you really need to know

    In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.

• Security UK

  • ICO fines Welsh health board £70,000 for patient record loss

    For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.

  • With mobile payments, security teams must move quickly

    As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.

  • SOCA takes its website offline in DDoS response

    Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to takes its website offline.

• searchSecurityAU

  • With mobile payments, security teams must move quickly

    As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.

  • PCI virtualization compliance still a challenge

    No black and white when it comes to PCI compliance in virtualized environments, experts say.

  • Examining Kindle Fire security, Silk browser security in the enterprise

    Do Kindle Fire security issues, combined with weak Silk browser security, make the red-hot consumer device too risky for enterprises? Michael Cobb explains.

• Information Security

  • POS terminal security: Best practices for point of sale environments

    Securing point of sale (POS) environments can be tricky. Shobitha Hariharan and Nitin Bhatnagar share comprehensive POS terminal security best practices.

  • Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference

    Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference.

  • PCI virtualization compliance still a challenge

    No black and white when it comes to PCI compliance in virtualized environments, experts say.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map