I'm looking for ideas on how to document the default access that new employees get in our organization. Currently, we manage most of our permissions through Active Directory groups, along with shared mailboxes and Teams channels. Ideally, there would be a tool that allows us to look up access based on job title, location, or department, showing us what groups or emails the new hire should be assigned to. It would also be great to easily update these permissions as roles change over time. I assume a PowerApp could solve this, but I don't have experience building one. Any suggestions?
4 Answers
In my experience with the US Air Force, we kept things straightforward by saying things like, 'Make John's access the same as Susan's.' I had files for each user that detailed their access using a format similar to LDIF. Whenever changes happened, I would update these files, making it easy to track access based on user IDs.
I created an IT resources list in SharePoint that matches access permissions with job roles. We add new employees to a nested resource group, and automation triggers to assign them to the necessary groups based on their position.
We handle this with Adaxes, which automates our access management process. It makes it much easier since we don’t have to do it manually, and it tracks changes well.
For our setup, we have "template" users within each organizational unit (OU), which hold default group memberships. When we onboard a new employee, we compare them against these template users to assign the appropriate access rights.

I haven't heard of Adaxes before. I'll check that out. Thanks!
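
One way to keep the role-to-access mapping as data and check an account against it, as an added example that is not from any of the posts above. The group names, roles and function names are constructed for illustration.

```powershell
# Baseline kept as data: default groups per department/title ('*' matches anything).
# Every department, title and group name here is a constructed sample value.
$Baseline = @(
    [pscustomobject]@{ Department = '*';       Title = '*';          Groups = @('All-Staff', 'VPN-Users') }
    [pscustomobject]@{ Department = 'Finance'; Title = '*';          Groups = @('FIN-Share-RW', 'MBX-Invoices') }
    [pscustomobject]@{ Department = 'Finance'; Title = 'Controller'; Groups = @('FIN-Approvers') }
)

function Get-ExpectedGroups {
    param([string]$Department, [string]$Title)
    # Union of every baseline row whose department and title match or are wildcards.
    $Baseline |
        Where-Object {
            ($_.Department -in @('*', $Department)) -and ($_.Title -in @('*', $Title))
        } |
        ForEach-Object { $_.Groups } |
        Sort-Object -Unique
}

function Compare-AccessToBaseline {
    param(
        [string]$Department,
        [string]$Title,
        [string[]]$ActualGroups = @()
    )
    $expected = @(Get-ExpectedGroups -Department $Department -Title $Title)
    [pscustomobject]@{
        # Groups the role should have but the account lacks (onboarding gap).
        Missing = @($expected | Where-Object { $_ -notin $ActualGroups })
        # Groups the account holds beyond the role baseline (access left over
        # from an earlier role, or a one-off grant that needs a recorded reason).
        Extra   = @($ActualGroups | Where-Object { $_ -notin $expected })
    }
}

# Constructed sample: a Finance controller who kept a group from a previous role
# and was never added to the invoices mailbox group.
$actual = @('All-Staff', 'VPN-Users', 'FIN-Share-RW', 'FIN-Approvers', 'HR-Share-RW')
$drift  = Compare-AccessToBaseline -Department 'Finance' -Title 'Controller' -ActualGroups $actual
"Missing: $($drift.Missing -join ', ')"
"Extra:   $($drift.Extra -join ', ')"

# Against a live directory (RSAT ActiveDirectory module) the inputs would come from:
#   $u      = Get-ADUser -Identity jdoe -Properties Department, Title
#   $actual = (Get-ADPrincipalGroupMembership -Identity $u).Name
```

Keeping the baseline table in version control gives a change history for the defaults themselves, separate from the per-user drift report.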