Contractor Validation and Self Service?

Question

Hi all,

I am not a user of Adaxes but I wanted to post this challenge that I'm having and would like to see if others are using Adaxes to resolve this.

OK so my company requires that a manager who has hired a contractor to validate that this contractor is still active every month. Currently this process is done using various spreadsheets and emails to the contractor's manager. The manager then responds to this email and someone monitoring a shared mailbox then goes into the contractors AD account and extends the expiration date (if necessary). What often happens is the contractor's manager doesn't respond in time and the account is disabled. What is necessary is to have a record that the manager validates this contractor for the next month. This validation process is required every month.

What I'm looking for is a tool to help automate this and allow a manager self service for this. So an example of what I mean is a reminder email is scheduled to email the manager's of the contractors that a validation is due. This will have a link where the manager can validate the account for the next month, extend the expiration date, and or enable the account if it wasn't updated in time. By doing this it would eliminate the need for spreadsheet manipulation and shared mailbox monitoring. However there must be a record that the manager has validated for the month.

Does Adaxes do something like this?

Thanks,
Chris

Answer 1

We are doing this with Adaxes.

When the Help Desk creates accounts, they have to specify the AccountType from a drop down box. Anything but an employee gets automatically set with an expiration date. The person requesting the account is set as the manager. An Adaxes scheduled task runs midday once a week to look for non-employee accounts that will expire within 14 days, but that are not expired already or disabled. The action is to change the expiration date to so many days in the future, but this change then requires approval from the manager of the user object. The manager gets the email to go to the Adaxes self service page where they can approve or deny the attempt to extend the expiration date.

For your other need of the manager to be able to enable or even disable the account, you can set it so that the managers can do those actions to objects they are set as the manager for.

We have groups that have the manager attribute set and those people can go to the self service and add and remove members from those groups. This comes in handy for the Marketing dept that has that expensive copier that they don't want anyone using.

Adaxes will maintain logs locally on the server for a set number of days. We have ours set for a year, but we additional send all our Adaxes logs to Splunk via syslog. So we have a record of the approval requests and the extension of the expiration dates.

Adaxes can do all that you are asking for and more. Download the trial.