Novell Home

Web-based User Account and Identity Management White Paper

Novell Cool Solutions: Feature
By Omni Technology Solutions Inc.

Digg This - Slashdot This

Posted: 25 Oct 2006
 

Web-based, Cross-platform, User Account and Identity Management White Paper

- The Challenge of Managing Mixed Networks
- The Web-based, "ZERO Rights" Solution
- Ideal Complement to Novell Identity Manager 3
- Delegate User Account Management Tasks - Securely
- Security and Regulatory Compliance
- Deployment Examples
- Top User Account Management Tasks
- Ten Questions to Determine if eControl is Right for You
- Three Cross-platform eControl Modules
- More Information

The Challenge of Managing Mixed Networks

Mergers, acquisitions, security and privacy requirements - and the potentially devastating lawsuits for non-compliance - have increased the need for systems and processes that simplify user account management in mixed networks. Many IT administrators and help desk operators are dealing with the chaos of using multiple tools to manage thousands of users, distributed globally, across complex, mixed and multiple eDirectory, GroupWise, Active Directory and Exchange networks.

Complexity has a negative impact on help desk and user productivity. It creates challenges for overtasked senior IT personnel and employees. The need to deliver real-time user account changes often conflicts with security policies and regulatory compliance. Organisations need to respond quickly to user account change requests, yet still be able to protect sensitive corporate and customer data, track internal and external access and produce user change audit trails.

Regulatory and security compliance are top of mind for security managers. Many organisations struggle with the challenge of high turnover in their help desk and service desk employees. The challenge and security risks of training new help desk and service staff personnel on how to properly and securely use Console One, NWAdmin, iManager and/or Microsoft Management Console are top of mind for most IT staff today. And if you are not using an automated user account management solution like Novell's Identity Manager 3, managing the user life cycle can be a daunting task. External auditors often find hundreds of orphaned or dormant accounts that threaten system security. Or, even worse, they find instances where junior administrators or divisional managers are given full access to file systems, email systems and directory systems in order to use the complex administrative tools required to carry out routine user account management tasks.

The Web-based, "ZERO Rights" Cross-Platform Solution

Omni eControl 2.x is a "ZERO Rights", web-based, user account and identity management solution for GroupWise, eDirectory, Active Directory or Exchange. It empowers junior administrators, help desk operators, support staff, non-technical staff and even end-users to perform common user account management tasks. From the same browser, without any trustee assignments, rights or permissions in GroupWise, eDirectory, Active Directory or Exchange, non-technical staff are able to carry out specific user account management tasks for these systems. These common tasks include resetting passwords, managing email distribution and group lists, creating new users, unlocking intruder lockout, enabling and disabling accounts, and much more - all from a single browser.

The result - increased security, controlled account change management, increased productivity and peace of mind.

Ideal Complement to Novell Identity Manager 3

eControl provides the ideal complement to Novell Identity Manager 3. Novell Identify Manager 3 automates user provisioning and account synchronization across different identity systems and databases. eControl enhances IDM 3 by providing a web-based, ZERO-Rights interface that allows non-technical people to carry out specific, secure, audited, user account management tasks for eDirectory, GroupWise, Active Directory and Exchange. No more supervisor trustee assignments required, no system permissions required, no more training on ConsoleOne, NWAdmin, iManager, Microsoft Management Console for junior administrators ...

Delegate Account Management Tasks - Securely

With eControl, users are only able to complete those tasks they have been assigned. eControl users require NO Trustee Assignments, NO permissions, NO access to the file system, NO System Access Rights. NO access is required to Microsoft Management Console or Task Pads, ConsoleOne, NWAdmin or iManager. eControl users perform their tasks across multiple and mixed operating and email systems from a secure, easy-to-use browser.

eControl's fully archivable audit trail enables administrators and auditors to keep a tight rein on data access and account change logs. Disabling and deleting orphaned and dormant accounts can be securely delegated to junior support staff. Administrators can enforce strong password policies and reduce the risk of regulatory exposure and security liability. As a user's role changes within the organisation, eControl will help you change his or her group memberships and task authorities. This will improve responsiveness, increase productivity, mitigate security risks and produce more accurate user account data.

eControl alleviates the need to assign any system access rights, trustee assignments or file system rights and permissions. This allows you and your IT staff to focus on business requirements instead of security needs. And, for organisations embarking on a longer-term identity management strategy, eControl delivers a quick win and significant and immediate ROI. For example, research shows that password self-service can save as much as $650,000 per year in a typical 10,000-user organisation. User account management consumes a significant proportion of overall IT productivity. Even a 20% efficiency gain is significant.*

* Source: "What is User Life-Cycle Managment? And Why You Should Care," META Group, June 2004, p5.

Security and Regulatory Compliance

Complete Account Change Management Audit Log and Password Change Notification are designed to enhance security and regulatory compliance of legislation such as:

  • Sarbanes-Oxley
  • Gramm-Leach-Bliley
  • HIPAA
  • FDA 21 CFR 11
  • EU Directive 2002/58/EC
  • PIPEDA

Deployment Examples

Rockford Corporation
Rockford Corporation uses eControl to enhance Sarbanes-Oxley (SOX) security compliance. eControl allows Rockford's Help Desk and junior administrators to carry out routine user account management tasks from a web browser - with no trustee assignments in Novell GroupWise, eDirectory or the file system.

Wilfrid Laurier University
Wilfrid Laurier University's Help Desk uses eControl to manage their 13,500 Novell Groupwise accounts. "Our help desk operators, users and lab administrators are thrilled with the system. I strongly recommend eControl and Omni for all universities and colleges looking to simplify their Novell GroupWise help desk user account administration."

Arizona School District Increases ROI with Novell, EMU, and eControl
Pendergast Elementary School District chose EMU and eControl to provide bulk user management and distributed help desk user management to its large network. "The results were phenomenal!"

Top User Account Management Tasks

eControl is powerful and yet simple to use in homogeneous and mixed environments. On average, eControl takes three hours to install and configure in even the most complex environment. After 20 minutes of training, your non-technical staff will be able to perform the following user account management tasks for your eDirectory and/or Active Directory users.

eDirectory and GroupWise

1. Manage Account Password and Strong Password
2. Manage GroupWise Password and Strong Password
3. Enable / Disable User Accounts
4. Manage Group Memberships
5. Manage Organizational Roles
6. Set Password Restrictions
7. Release Intruder Lockout
8. Create User Identification Information
9. Manage Login Information (Login Script and Profile)
10. Manage Login Restrictions
11. Manage GroupWise Distribution Lists
12. Manage GroupWise Options (Visiblity, Expiration Date)

Active Directory and Exchange

1. Manage Account Password and Strong Password
2. Enable / Disable User Accounts
3. Manage Group Memberships
4. Manage Exchange Mail Groups
5. Release Intruder Lockout
6. Create User Identification Information
7. Manage Account Expiration Date

Ten Questions to Determine if eControl is Right for You

  • Is the IT or the help desk department sometimes the bottleneck in your user account change management process?
  • Is your service desk unable to carry out certain account management tasks because of security restrictions?
  • Does your security department require account change management audit reports for Security Regulation compliance?
  • Are you running GroupWise on Windows or Exchange with eDirectory or mixed eDirectory and Active Directory environments?
  • Does your help desk run multiple user management tools because you are running GroupWise or Exchange in a mixed or multiple Active Directory and eDirectory environment?
  • Have department mergers or corporate acquisitions made your user account creation and management tasks cumbersome and complex?
  • Tired of training your Help Desk Operators how to use a combination of ConsoleOne, iManager, NWAdmin, Microsoft Management Console or custom Task Pads to carry out user and identity management tasks?
  • Concerned about the impact of Help Desk Operators or Junior Administrators hitting the delete key on the wrong object or "poking" about your network to see what they can see?
  • Need to deploy User Self-Service or Password Self-Service for GroupWise or in a multiple or mixed eDirectory, GroupWise, Active Directory or Exchange environment?
  • Are you being asked to manage and integrate more complex systems with fewer resources?

Three Cross-platform eControl Modules

  • Help Desk Module
  • User Create Module
  • Self-admin Module (including Password Self-service)

More Information


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell