Using IBM Tivoli Identity Manager to recertify Active Directory Groups

It’s audit time and you’re responsible for recertifying approximately 75 Active Directory Groups, each with a membership of about 10 to 30 people. An email needs to be sent to every manager so they can confirm that each person still needs to be a member of the group. You have to provide information to the Auditors to confirm that each person in each of these groups has been verified. Before you can send out the verification requests to the managers, you have to confirm that each Active Directory Account has the correct person contact information and manager information. All this has to be done in the next 30 days.

What are you going to do?  Book an early tee time!

How is this possible?

You were smart enough to use IBM Tivoli Identity Manager (ITIM) powered by the PathMaker Group to manage your systems. ITIM has built-in functionality that can be configured to automatically handle your recertification and audit requirements. PathMaker Group has the knowledge of ITIM to make it work like a well-oiled machine. Here are some of the specifics:

  1. The Active Directory Account contains all the correct person information due to a feed from HR that propagates the person and manager information to Active Directory.
  2. Each Active Directory Group can be defined in ITIM as an ‘Access’.
  3. Using Out of the Box Recertification Policies, a workflow can be configured to assign the person’s manager an activity to recertify the Active Directory Group or Access. If the manager fails to recertify the Access, the approval can be escalated to the Manager’s Manager, or the Group can be removed automatically. Need multiple approvals? No Problem. The configuration possibilities are endless.
  4. The Recertification Policy can be scheduled to run as a calendar event to execute once or multiple times a year.
  5. The entire Recertification process is available for Audit Reporting. The auditor has a configured ITIM view and can search information and generate their own reports.

It’s audit time and with IBM Tivoli Identity Manager and PathMaker Group on your side you can lean back and put your feet up.


Mark Adamson

IBM Certified Deployment Professional – Tivoli Identity Manager V4.6 / V5.0 / V5.1
