Active Directory self service refers to any set of capabilities that enable users to manage their own Active Directory identities, credentials and security entitlements. The idea is to provide a mechanism whereby users can perform, on their own profile, some administrative tasks that normally require elevated privileges. This reduces IT support costs and improves user service. To do this, an intermediary application is required to authenticate the user and to limit which changes they can make, and to whose profiles.
An Active Directory password reset system is the most common component of this. It allows users who have forgotten their AD password or locked themselves out to resolve the problem on their own, without calling the IT help desk.
Additional Active Directory self-service capabilities may include:
- Enabling users to create, manage or join mail distribution lists.
- Enabling users to request access to Windows shares, folders or printers, or to SharePoint resources, as these entitlements are normally assigned via membership in AD security groups.
Hitachi ID Password Manager is a complete solution for managing passwords and other credentials, intended for users in a medium to large enterprise. It includes self-service password reset features, Active Directory integration and Self-Service, a set of capabilities that enable self-service anywhere, including from pre-boot, from the Windows login prompt and while away from the office.
Hitachi ID Group Manager is a solution for managing group objects and group membership in Active Directory and LDAP directories. It allows users, who are often unfamiliar with access rights or groups, to initiate various kinds of requests:
- Requests for access to shares, folders or SharePoint sites, which are typically governed by AD groups.
- Requests for membership in mail distribution lists.
- Requests to assign or revoke group membership, by comparing model and recipient users or through a recommendation system.
Group owners and other stakeholders can create new groups, enrich existing groups with metadata such as owner or risk score, and delete groups that are no longer required, all through the Group Manager web portal and approval workflow.
Group Manager can manage group membership either through a request/approval/review process or by selecting members automatically using rules, typically based on identity attributes. It includes auto-discovery of groups and members, as well as policies, including segregation of duties (SoD) and role-based access control (RBAC).