The customer managed privileged access through a manual process that was prone to human error, foremost being the fallibility of forgetfulness. The initial scope focussed on the accounts that mapped to domain admins as they required transient privileged access to perform their duties during a transient technical change.
As the solution was configured the power of the automated process became evident and it spread to the enterprise admins, then the schema admins and local server admins and ultimately the groups that were nested in these privilege access Active Directory groups across the entire organisation’s IT staff. A four-tier approval, notification and auditing workflow was added to the process to ensure that IT staff applying for elevated access were compliant in their request and could be audited on demand.
The solution required a meticulously developed and tested design that became more challenging as the scope increased. The design utilised powerful but seldom utilised and understood ARS functionality that delivered a powerful and comprehensive automated workflow of privileged access management for the entire organisation’s IT personnel.
