Active Directory Compliance Manager

Activate Active Directory Compliance Manager allows the enforcement of complex compliance rules with Active Directory (AD). This allows advanced policies to be implemented and remediation actions to be performed automatically when changes occur within Active Directory. Real-time compliance means that Policy Managers and Auditors can ensure that sensitive information is protected while minimising the impact on operational systems.

  • Automatic Monitoring of ALL changes made in Active Directory
  • Audit and Compliance of ALL Active Directory changes
  • Enforce Policies for different group types
    • For example, automatically remove users from sensitive groups unless Actioned in Activate
  • Manage Security Groups Online
Active Directory is the backbone of access control within most corporate environments. It controls access to sensitive information stored in the file system, Email system and a multitude of external systems such as SharePoint and other Line of Business applications like SAP etc. It is increasingly important that policy controls are enforced for user access to these business applications and to monitor and enforce compliance across systems.
The Activate Active Directory Compliance Manager monitors all changes in Active Directory and enforces policy and provides event management for changes. These changes can be initiated manually by the Service Desk or automatically by other systems.

Overview

Browse AD Groups

Activate generally manages AD groups based on the rights they grant. Some examples are Software Access (via Services Manager), Shared Folder Access (via Folder Manager) however, some groups fall outside of this like the 'Domain Admins' group. AD Compliance Manager allows these groups to be managed online via Activate

Online Group Management

Service Desk and Administrators can search and update groups as required. Activates comprehensive role based security system controls in a granular fashion which users can perform which actions on specific groups

Compliance and Auditing

Unlike actions performed directly in Active Directory, all actions in Activate are tracked and audited. This improves security and reduces compliance costs

Templated Group Creation

Enforce corporate policies for AD Group creation, by having templates for the different group types. The system can enforce naming standards, specific OU's and can also automatically create sets of Groups. For example, Dev, QA and Production groups in a single step.

Automatic Classification of AD Groups

Activate automatically classifies AD Groups based on their usage. For example, groups linked to an Activate Service, Distribution List, Folder or SharePoint access, are automatically moved and classified. Users including Administrators must use the appropriate Activate Module and process to manage the Group, rather than just adding and removing members in AD Users & Computers. This ensures that all appropriate business rules and processes are followed

AD Policy and Monitoring

Activate monitors all changes to Active Directory in near real time. Any changes that are made outside of Activate can trigger a workflow and policy. For example, the 'Domain Admins' group is moved to the 'Protected' policy node in Activate. This means that any users added to the group outside of approved rules in Activate will be automatically removed and a Security Group Manager role notified of the violation

Detailed Feature Summary

  • Browse and Manage Security Groups Online

    Service Desk and Administrators can view and manage security groups online that are not otherwise managed within Activate. For example, 'Domain Admins' or other system groups
  • Auditing and Compliance

    Like all other Activate Modules, all actions performed are audited and tracked for compliance. This means auditors can quickly and easily see who added a user to a group and when
  • Granular Access Control

    Activates granular roles and security system means that it is easy to control which users can perform which tasks on specific groups or sets of groups without rearranging anything in Active Directory
  • Membership Control

    Activate significantly enhances Active Directory security by allowing you to control 'who' can be a member of a group. For example, a highly sensitive group that 'Contractors' are not allowed to be a member of. Activate can enforce this requirement and ensure that contractors are not added to the group, and if they are outside of Activate, they are then automatically removed
  • Services Manager Integration

    Active Directory Compliance Manager in conjunction with the Activate Services Manager Module, can ensure that if users are added to groups that should be controlled by Services in Activate, a Service instance is automatically created for that user
  • Templated Group Creation

    Enforce corporate policies for AD Group creation by having templates for the different Group types
  • Automatic Classification of AD Groups

    Activate monitors all changes to Active Directory in near real time