Active Directory is the most popular target system to be integrated with any identity solution ( One Identity Manager ,OpenIDM by Forgerock, IdentityIQ or IdentityNow by Sailpoint, Okta, One Login,etc.) . As part of your vendor initial discovery phase to identify the company business cases, your team needs to be prepared to respond the following questions:
- Who/Which team is the owner of Active Directory?
- What’s their availability to participate in this project?
- What is your Active Directory version?
- Are there any plans for upgrading/migrating/updating AD?
- Does your AD schemas was extended? Which attributes? is there any custom extended attribute required to be handled by the identity solution?
- Do you have development, test, and prod Active Directory environments?
- are the data in the lower environment Production-like?
- What will be the effort to refresh the lower environments with production-like data?
- Who has permission to create AD Accounts? Only admins? Help Desk?
- Is your AD synchronized with external systems/3rd party vendors? i.e Okta, AzureAD, ServiceNow
- Is the Active Directory single or multiple domains?
- How is your OU structure?
- How many AD Users? are all the users populated with a manager?
- How many AD Groups? are all the groups populated with Group Owner?
- Can users have multiple accounts in Active Directory? How do you identify them?
- What user types are supported by Active Directory? Employees, Non-employees, Contractors, Vendors, etc.
- Do you write back any AD attribute to other systems?
- Describe the process for creating, updating & terminating Active Directory accounts.
All these question will help you to start your conversation and drive the discovery phase. Certainly there are a lot more question that can be addressed, but we will talk about them in future posts.
If you want to include more questions on this list, please send us an email to aidy.allidm@gmail.com
We are available to support your company and provide our best practices during this phase if you need.