Top Six "Cool Things" You Can Do with Active Roles

Hello, everyone. Welcome. I'm Megan Pennie with One Identity. And welcome to the Six Cool Things You Can Do with Active Roles Session. We're excited that you're here with us today. I have David Miles, Senior Product Manager for One Identity Active Roles with me today. Hello, Dave. Welcome. Thanks for being here. Hi, everyone. Yep, hi, Megan. Excellent. So Dave, Active Roles seems to be capable of so many things. It's like a multifaceted diamond. It's in the AD account lifecycle management pillar. And what exactly is involved in the account and user lifecycle? And what do we mean by that? Are we talking about provisioning an employee that's joined a new company, for example? Yeah, absolutely, Megan. I mean, we're talking about everything that takes place around a user's journey from the moment they join a company to the moment they depart the company. So that will include provisioning their initial entitlements, making sure they've got an email account, an Active Directory account, Office 365 licenses, et cetera, all the way through changes as they get promoted, more responsibility to, at some point, down the road when they leave the organization, and we need to remove all of those permissions, remove all of the licenses, and delete their account. So the AD lifecycle is the whole journey from the moment they join to the moment they leave and everything that that entails. Excellent, yes. It is so many different things. Fantastic. Well, we've picked out these six cool things, a few highlights, of easy focus areas for new Active Roles customers. So two questions-- why these ones here? And then also, how much does the proliferation and rapid adoption of Azure AD really affect what we've picked here today? OK, well, that's a really good question. So I think let's deal with the proliferation of Azure AD first of all. So I think that has an enormous effect upon organizations today. Everybody is using Azure AD. If they're not using it intensively, they're moving in that general direction. And that means that you've now got your Active Directory to administer. You've got your Azure Active Directory to administer. Things that are becoming more complicated. So we're looking for ways that we can simplify those management tasks that AD and Azure AD administrators have every day. So that kind of simplification of complex environments, the ability to be able to manage the permissions, the security, reducing the risk, as well as just simply automating as many of the day-to-day tasks that are possible to automate that are very, very common in an environment like this that most organizations face. So I think the two things are closely related. The proliferation of Azure AD is closely related to the things that we've chosen here around simplification of general day-to-day management. Excellent, OK. Well, thank you. So let's dig in here. So simplifying the management of complex environments-- in a recent chat with a company, we learned that they had a bunch of Office 365 licenses assigned to and tied up with folks that had left the company. They had not been freed up and returned to the usable pool. Does Active Roles help with anything to do with that situation? It actually does, yeah. I think-- if you think of the life of an administrator, there's lots of pressures coming in from all different directions. The focus is always on getting new people started and making them productive for the business. So very often, that means that things where an organization has people leaving because there's no pressing need from somebody wanting to do something for those users who are leaving the business, things like freeing up expensive resource and assets like Office 365 licenses often gets left or forgotten or, at the very best, deferred. So Active Roles can do that for us. So when somebody leaves an organization, along with cleaning up all of the permissions that they have, the group memberships that they have, you can control and manage things like expensive licenses like Office 365, returning them to a license pool so that they can be reused. So yeah, it absolutely does help with that. Excellent. Great, well, let's move on to our next cool thing. So managing permissions-- when it comes to admin passwords, typically it's not just one or two people at an organization who have the admin password. Commonly, it's more like 101 people at a company. So how does Active Roles help us get our arms around this situation? Yeah, and this is where we start to get in Active Roles sort of overlaps with the privileged account management area a little bit. It's really, really important to get a good control over how many people have administrative rights. And Active Roles gives us very, very powerful and flexible tools to manage permissions. We can delegate permissions on a very finely granular basis. So for example, maybe there's a remote satellite office, and you want to be able to delegate the management of that print queue in that satellite office to somebody that's physically located there. Well, you can do that without giving them administrative rights to everything. You can just give them permissions to manage the print queue. So this ability to be able to fragment, parcel up, and apportion permissions to users that need them, but nothing more, is a core function of Active Roles. And it gives the ability to be able to manage those permissions on a repeatable basis. So if you've got a new user, and you want user Dave, and you like user Megan, that becomes very, very easy. All of these things are very, very difficult to do with the native tools in Active Directory. And Active Roles makes them very, very simple, very repeatable, and allows us to track and monitor exactly who has what and who has done what through the entire lifecycle of the user, from the moment they join to the