USE CASE​

Group Management for the Microsoft Enterprise

Keep Groups Accurate and Up-to-Date Automatically​

Group management with native tools is not only tedious and time-consuming, but inevitable mistakes can cause groups and memberships to become dangerously inaccurate.  It’s no surprise that security groups that control user access have become a favorite target of attackers, compliance officers, and auditors.

  • Keep groups accurate
  • Empower group owners
  • Verify groups are accurate

Features and Benefits

Web Based Delegated Group Management

Cayosoft Administrator provides un-rivaled control over the administration of groups and of group memberships is accomplished within an easy to use web portal. Targeted at day-to-day administrators, help desk personnel, and group owners Cayosoft provides a secure and comprehensive solution to the manual management of groups. 

Dynamic Groups Automation

Dynamic Groups keep groups accurate, eliminates errors all while sustaining critical security, compliance, and efficiency goals. Granular membership rules automatically update memberships when changes occur, allowing administrators to concentrate on more important issues. As users join the organization, change roles, or depart, groups are automatically and dynamically updated, keeping groups accurate and maintaining critical IT system security and compliance.

Family Groups Automation

Family Groups automatically provision and populate a collection of group. Groups are created and dynamically updated according to the parameters of the Family Group. For example, there may be a need for an Active Directory Group based on the values found in the Department attribute of all users. The Family Group would create a group for each unique Department name, then based on the department each user is placed into the appropriate group.

Restricted Groups Security

Restricted Groups are groups that have had membership requirements pre-defined to prevent incorrect membership assignments. Users or groups who are eligible to be made a member of a Restricted group are defined either by name or can be defined by a query. For example, you could require a user have the department of “Information Systems” to be eligible to be made a member of a group.

Self-Service Group Management

Self-Service Group Management allows application and data owners to manage the membership of the groups for which they are responsible.  Cayosoft Administrator includes group enrollment notifications and works with all Microsoft group types including on-premises and in the cloud. Cayosoft group management also includes self-service group owner enrollment, approval over group membership requests, and can be restricted by restriction rules (Restricted Groups)

Group Owner Certification and Attestation

Group certification and access attestation satisfy many legal, regulatory, compliance and security requirements found in HIPPA, SOX and PCI and other regulations.  Group certification allows obsolete groups to be identified and suspended. Access attestation requests the group owner verify that the group membership is correct and that the group is being used correctly.

See Cayosoft Administrator In Action

Cayosoft-Administrator_demo.jpg
Play Video

Business Benefits

Cayosoft Administrator automatically and dynamically keeps groups accurate across Active Directory, Azure AD, Office 365 and hybrid environments, helping you sustain key security, compliance and efficiency goals.

Granular rules eliminate errors and scripting

Easy-to-create granular membership rules allow your organization’s data to be used to include or exclude members of a particular group. Inclusion Rules define the list of users that must be in the group while Exclusion Rules define the list of users who should never be in the group. Granular membership rules keep group accurate so that only authorized people are given access to the resources associated with that group.


Unlike other group update tools, Cayosoft Administrator does not require that you understand LDAP Query Language to create complex rules. And because Cayosoft Administrator accurately keeps group memberships up to date, you can feel confident that your security, efficiency and compliance goals related to group management are sustained 24x7x365.

Secure Privileged Access and Self Service

Monitor unwanted group membership across your environment, both in Active Directory and Office 365, to ensure only authorized employees are granted access to sensitive information.

User self-service group management with controls

Easy-to-use self-service group management allows distribution list, application, and data owners to manage who has access to their resources. Group Owners can publish their groups, allow others to request access, and can require approval before users are added to their group, reducing expensive and time-consuming help desk requests. Allowing group owners to manage their own groups also moves the burden of compliance and security to the group owner, who better understands why a member should or should not be added.

Improve identity and access management

As users are hired, change roles, change locations, leave the organization, start or stop projects – provisioning of access means that groups need to be updated. Purpose-built for the hybrid enterprise, Cayosoft automates group management for Microsoft, regardless of where the access is granted.

Protect privileged groups by setting group membership time limits and by allowing only members that meet eligibility conditions.

Simplify Compliance​​

Verify the accuracy of group memberships and easily eliminate unnecessary groups to fulfill security and compliance regulations. Cayosoft Administrator automates the process of periodically asking group owners to verify group memberships in order to satisfy key compliance control and audit requirements.

Streamline compliance certification reviews

Security and Compliance Certification Reviews with “Attestation” satisfies many legal, compliance, and security requirements found in HIPPA, SOX, PCI, and other regulations. In addition to verifying the membership, these controls will identify and optionally suspend/disable unused or unwanted groups, reducing the overall management burden.

Enforce segregation of duties

For security and compliance reasons, an “Auditors Only Group” that may allow the clearing of security logs, should not contain members that are actually being audited. If a user that is being audited is accidentally added to the “Auditors Only Group”, Dynamic Group rules will automatically remove the user from the group, sustaining the security or compliance requirement.

Check out these relevant resources.

Case Study

Manhattan Ogden School District Automates for Efficiency

“When we started running Cayosoft, I was surprised to see a number of users who were in the wrong groups and Organization Units. We used Cayosoft to move users into the correct OU and groups. This has fixed the issue of student and staff not receiving communication because they were not in the correct distribution group. This has also eliminated potential security concerns.”

Infographic

Microsoft Groups Demystified

This “5 Keys to Successful Group Management” infographic provides a quick reference and graphical look at best practices approach for managing hybrid AD and Microsoft 365 groups.  With the right approach, you can demystify the process of group management and governance in modern Microsoft environments.

Webinar

Microsoft Groups Demystified: 5 Keys to Successful Group Management

We explore the history of security groups and distribution lists and dive deep into how best to approach users and strategies for on-premises and cloud group coexistence and synchronization.