I'm in search of flexible user lifecycle automation software that can interface with our HR system's API as the main source of truth. Our goal is to automate user addition, changes, and terminations, while also creating users in our on-prem Active Directory, as well as assigning them to groups in both Active Directory and Entra ID. We want to avoid extensive custom scripting if possible, since we need a solution that admins can easily navigate and modify without deep programming knowledge. We've seen a lot of products, but many don't seem to handle the complex logic we require. For instance, our organization is large, and it's common for multiple employees to share names, so we need specific rules for generating unique email addresses, rather than just appending a number to usernames. Are there any products out there that fit these needs, even if they require some scripting within the overall framework? Most options I've seen either seem too simplistic or only interface with Entra, ignoring Active Directory entirely.
4 Answers
Adaxes is likely your best bet for what you're looking for. It's pretty robust and customizable, especially if you need to handle unique user scenarios.
There are definitely advanced Identity and Access Management (IAM) solutions that can address your needs. These platforms are designed for complex integrations and can work effectively with both cloud and on-prem systems. I used one for a large retailer with substantial success, reducing support tickets by 30% after switching to an HR system as the user source. It may require a bit of investment, but it often pays off in efficiency.
We faced similar needs a few years back and experimented with Adaxes. Ultimately, we ended up custom scripting because certain requirements just couldn't be met given how our source data was structured. Though I get that scripts can be daunting, especially for other admins, thanks to AI, understanding scripts isn’t too tough anymore if you keep them concise and well-documented. It’s really about managing complexity.
I've been working with SIIT, which provides orchestration specifically for this type of user lifecycle management. It's natively integrated with HR systems and can trigger workflows that provision accounts in Active Directory seamlessly. For the issues around name duplication, using the API and webhooks can be a solid approach. You’d already have most of the work done with this solution. Let me know if you’d like to connect with a solutions expert, or you can check it out online yourself!
Thanks for the suggestion! I’ll definitely look into it.
I think Adaxes was one of the options we considered last time too! We found it a bit slow initially when starting out. I agree that keeping scripts under 30 lines can really help focus on individual tasks rather than sprawling monoliths.
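
The unique-address requirement from the question, sketched as a short single-purpose script in the spirit of the scripting replies above. This is an added example, not code from any poster or product in the thread; the function name `New-UniqueMailAddress`, the rule order, the `example.com` domain and the sample data are all assumptions. Instead of appending a number, it walks an ordered list of naming patterns and sends the record to manual review when every pattern is taken.

```powershell
# Added example: rule-ladder mail address generation for HR-driven provisioning.
# Patterns, domain and sample data are constructed assumptions, not rules from the thread.
function New-UniqueMailAddress {
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [string]$MiddleName = '',
        [string]$Domain = 'example.com',
        # Every address already in use or retired (mail and proxyAddresses values).
        [Parameter(Mandatory)][AllowEmptyCollection()]
        [System.Collections.Generic.HashSet[string]]$Taken
    )

    # Strip diacritics, then anything that is not a letter, digit or hyphen.
    $clean = {
        param($s)
        $d = $s.Normalize([Text.NormalizationForm]::FormD) -replace '\p{Mn}', ''
        ($d -replace '[^A-Za-z0-9-]', '').ToLowerInvariant()
    }
    $g = & $clean $GivenName
    $m = & $clean $MiddleName
    $l = & $clean $Surname
    if (-not $g -or -not $l) { throw 'Name is empty after normalization; route to manual review.' }

    # Ordered rules: the first free candidate wins.
    $candidates = @("$g.$l")
    if ($m) {
        $candidates += "$g.$($m[0]).$l"   # middle initial
        $candidates += "$g.$m.$l"         # full middle name
    }

    foreach ($local in $candidates) {
        $address = "$local@$Domain"
        # HashSet.Add returns $false on a collision, so check and reserve happen in one step.
        if ($Taken.Add($address)) { return $address }
    }
    # No silent numeric suffix: an exhausted rule list is a decision for a person.
    throw "All patterns taken for '$GivenName $Surname'; route to manual review."
}

# Constructed sample: one existing employee already holds the first-choice address.
$taken = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
[void]$taken.Add('maria.garcia@example.com')
New-UniqueMailAddress -GivenName 'María' -MiddleName 'Elena' -Surname 'García' -Taken $taken
```

In production the `$Taken` set would be loaded from the directory before each run and should include addresses of terminated users, so a new hire never inherits mail meant for a former employee.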