A seemingly simple yet tedious task for anyone in the information technology field is credential management. End users are given usernames and passwords for various systems in an organization's environment, and the hope is that they can manage these credentials with little trouble or assistance.
The reality is that most end users store these credentials in insecure ways:
- A post-it on their monitor or under their keyboard
- Jotted down on a notepad somewhere on the desk
- In their personal email
- The list goes on…
The potential for a security breach goes without saying. What’s worse, though, is that end users who are provisioned access to multiple applications tend to lose track of their credentials in the “credential management system” at their desks. So what’s the solution?
With the proper tools and knowledge, a system administrator can take the management of credentials out of the hands of the end user, and even help desk technicians. The following are several solutions to common credential management issues:
- Creation of the end user account in Active Directory can be automated with an account management solution. The solution pulls a subset of user data from the human resources database and maps it to Active Directory to create the initial account. During account creation, the password is generated automatically according to the domain password policies.
- Access to other systems in the environment can also be created automatically via an automated account management solution. Credentials for these other systems can match the AD credentials, but this is not required.
- Now that the end user has access, they can enroll in a self-service password reset solution. This allows the end user to reset their own password through a local client or a web portal, eliminating a call to the help desk.
- End users can then enroll in a single sign-on solution, which allows them to centralize their credentials for all applications they access in the environment.
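The first step above (HR data mapped to Active Directory attributes, with a generated initial password) can be sketched as follows. This is an added example, not code from any particular account management product: the HR column names, the `POLICY` values and the function names are assumptions, and the write to Active Directory itself is left out.

```python
import secrets
import string

# Assumed stand-in for the domain password policy (values are not from the article).
POLICY = {"min_length": 14, "required_classes": 3}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_"]
# Hypothetical HR column -> Active Directory attribute mapping.
HR_TO_AD = {"first_name": "givenName", "last_name": "sn",
            "employee_id": "employeeID", "department": "department"}

def meets_policy(password, sam, policy=POLICY):
    """Length, character-class count, and no account name inside the password."""
    classes = sum(any(ch in cls for ch in password) for cls in CLASSES)
    return (len(password) >= policy["min_length"]
            and classes >= policy["required_classes"]
            and sam.lower() not in password.lower())

def generate_password(sam, policy=POLICY):
    """Draw from the OS CSPRNG and retry until the candidate satisfies the policy."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy["min_length"]))
        if meets_policy(candidate, sam, policy):
            return candidate

def map_hr_record(record, existing_sams):
    """Return (AD attributes, initial password) for one HR row; reject incomplete rows."""
    missing = [col for col in HR_TO_AD if not (record.get(col) or "").strip()]
    if missing:
        raise ValueError(f"HR record missing required fields: {missing}")
    attrs = {ad: record[hr].strip() for hr, ad in HR_TO_AD.items()}
    base = (attrs["givenName"][0] + attrs["sn"]).lower()
    base = "".join(ch for ch in base if ch.isalnum())[:18]  # sAMAccountName max is 20 chars
    if not base:
        raise ValueError("cannot derive an account name from this record")
    sam, n = base, 1
    while sam in existing_sams:  # resolve collisions: jdoe, jdoe2, jdoe3, ...
        n += 1
        sam = f"{base}{n}"
    existing_sams.add(sam)
    attrs["sAMAccountName"] = sam
    attrs["pwdLastSet"] = 0  # example's choice: force a password change at first logon
    return attrs, generate_password(sam)

if __name__ == "__main__":
    # Constructed sample HR rows, not real data.
    rows = [{"first_name": "Jane", "last_name": "Doe", "employee_id": "10042", "department": "Finance"},
            {"first_name": "John", "last_name": "Doe", "employee_id": "10043", "department": "Sales"}]
    taken = set()
    for row in rows:
        attrs, _initial_password = map_hr_record(row, taken)
        print(attrs["sAMAccountName"], attrs["employeeID"])  # never log the password itself
```
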
With the above in place, end users do not need to contact the IT department for credential issues at all. They can reset their own passwords and simply log into their workstations with a single set of credentials to access all the systems they need on a daily basis.