As organizations grow, certain tasks related to Active Directory, such as creating new user accounts, moving users, resetting passwords, etc., grow dramatically and consume a lot of time.
The built-in tools to delegate such tasks to non-administrative users are very limited and complicated. Moreover, many considerations should be addressed before implementing Active Directory delegation, some of which are as follows:
Borna’s AD delegation subsystem has the following advantages:
- HR staff responsible for some minor IT tasks do not need to have any knowledge of Active Directory.
- Due to its web-based interface, Borna is accessible without requiring to install any additional software.
- Borna restricts users based on their permission as well as their OU and domain.
- Using AD delegation feature of Borna, there is no intervention needed by IT staff or administrator for routine tasks.
- Using the Change Request feature in Borna (AD Workflow), administrator and IT staff can accept or reject AD requests before they are performed on Active Directory.
- All of the necessary fields, such as profile path, which requires some basic network or Active Directory knowledge can be set to default value by IT technicians, such that HR staff would not have to worry about filling them.
Approval-based Requests in Active Directory (Active Directory Workflow)
Borna has a subsystem called Active Directory Workflow. One can set this feature such that certain AD requests must be approved by an administrator or a manager before execution. Three main roles of AD workflow subsystem are as follows:
- Requester: Users who submit an AD request (e.g. creating user request or moving user request) in Active Directory. For instance, you can assign this role to technicians in HR department.
- Approver: Users who can approve or reject an AD request. This role can be assigned to technician in HR and IT department.
- Executor: Users who are responsible for performing operations related to an AD requests.
By using AD Workflow subsystem, administrators could have a better control over AD changes in Active Directory. For more information, visit Active Directory Workflow.