0 votes

Hi all,

I am not a user of Adaxes but I wanted to post this challenge that I'm having and would like to see if others are using Adaxes to resolve this.

OK so my company requires that a manager who has hired a contractor to validate that this contractor is still active every month. Currently this process is done using various spreadsheets and emails to the contractor's manager. The manager then responds to this email and someone monitoring a shared mailbox then goes into the contractors AD account and extends the expiration date (if necessary). What often happens is the contractor's manager doesn't respond in time and the account is disabled. What is necessary is to have a record that the manager validates this contractor for the next month. This validation process is required every month.

What I'm looking for is a tool to help automate this and allow a manager self service for this. So an example of what I mean is a reminder email is scheduled to email the manager's of the contractors that a validation is due. This will have a link where the manager can validate the account for the next month, extend the expiration date, and or enable the account if it wasn't updated in time. By doing this it would eliminate the need for spreadsheet manipulation and shared mailbox monitoring. However there must be a record that the manager has validated for the month.

Does Adaxes do something like this?

Thanks,
Chris

by (20 points)

1 Answer

0 votes
by (1.2k points)

We are doing this with Adaxes.

When the Help Desk creates accounts, they have to specify the AccountType from a drop down box. Anything but an employee gets automatically set with an expiration date. The person requesting the account is set as the manager. An Adaxes scheduled task runs midday once a week to look for non-employee accounts that will expire within 14 days, but that are not expired already or disabled. The action is to change the expiration date to so many days in the future, but this change then requires approval from the manager of the user object. The manager gets the email to go to the Adaxes self service page where they can approve or deny the attempt to extend the expiration date.

For your other need of the manager to be able to enable or even disable the account, you can set it so that the managers can do those actions to objects they are set as the manager for.

We have groups that have the manager attribute set and those people can go to the self service and add and remove members from those groups. This comes in handy for the Marketing dept that has that expensive copier that they don't want anyone using.

Adaxes will maintain logs locally on the server for a set number of days. We have ours set for a year, but we additional send all our Adaxes logs to Splunk via syslog. So we have a record of the approval requests and the extension of the expiration dates.

Adaxes can do all that you are asking for and more. Download the trial.

Related questions

0 votes
1 answer

I am trying to remove the administrator drop down on the reset home page and only leave self-service is this possible?

asked Jun 14 by Jeff.Briand (80 points)
0 votes
0 answers

Whether I try to run a script or manually run the commands to enroll users, users remain unenrolled. Example of a basic script: Import-Module ... ` -QuestionsAndAnswers @{$question1=$answer1;$question2=$answer2} -AdaxesService localhost Adaxes version 2021

asked Mar 27, 2023 by gwadmin (80 points)
0 votes
1 answer

Will a user enrolled into Password Self-Service be required to re-enroll after a name change? For instance, jane.smith becomes jane.brown.

asked Jan 14, 2016 by polley (1.2k points)
0 votes
0 answers

Hello, I have a nice branded HTML email I'd like to use for the Self Service Invite and Self Service Password reset Emails. Is it possible to use HTML in the test fields under ... text so I'm guessing I can't but figured I'd ask rather than assume! Thanks!

asked Nov 19, 2015 by drew.tittle (810 points)
0 votes
1 answer

Hello Could anyone tell me before we begin our testing if it is possible to reset your password from the Self Service Client from a remote location using MS Direct Access to ... the Adaxes or Direct Access side that we'll need to think about? Thank you.

asked Oct 27, 2014 by CBurn (700 points)
3,549 questions
3,240 answers
8,232 comments
547,820 users