Skip to main content
Skip table of contents

Optimizing Your Setup with a re:ADM Review

A re:ADM project involves revitalizing an existing eADM instance to ensure you are leveraging its full potential. The goal is to upgrade your configuration to a modern standard, improving efficiency and maximizing the value of the platform.

To ensure the best use of time, we recommend a planning meeting to discuss your current setup and suggest improvements. For customers syncing with Active Directory, we will also need access to the AD for a complete analysis.

A re:ADM process focuses on three main areas:

  • User Account Management

  • License Management

  • Access Management

User Account Management

Position and Main Filters

You can filter out individual employee positions, such as elected officials, contractors, or foster homes, even for employees who hold other positions in the organization.

The position filter is more granular than the main filter. The main filter removes entire user accounts from an import, while the position filter removes specific roles associated with a user.

Ideally, the position filter should first remove unwanted roles. Then, the main filter can be configured to remove any users who have had all their positions filtered out.

Updated Message Flow

eADM can be the backbone of your onboarding and offboarding processes. Consider the following enhancements to your message flow:

  • Use ID-porten for initial user onboarding instead of SMS-based one-time passwords.

  • Configure a custom sender name for SMS messages.

  • Set a custom sender address for emails.

Managing External User Accounts

To maximize the benefits of automated user management, external user accounts (e.g., substitutes, students, external consultants) should also be handled through the platform.

Helpdesk staff can create external accounts on request, or you can implement a workflow where managers order accounts via a form, triggering automatic creation.

Note: It is critical that all external accounts are registered with an expiration date. Combining this with an email notification before the expiration date ensures that external accounts are temporary and require active, periodic renewal. This also saves significant time by allowing department managers to self-serve and automate the provisioning process.

Purging Deactivated Accounts

Deactivated accounts should not remain in the system longer than necessary.

  • Recommendation: We typically recommend that accounts are purged one year after deactivation.

  • Process: When an account is purged, all history, personal data, and logs are permanently deleted. This is a crucial practice for GDPR compliance.

License Management

Effective license management can lead to significant cost savings. This can be achieved through needs-based license allocation and austomatic downgrading of unused licenses for services like Microsoft 365 or Citrix.

Needs-Based License Allocation for New Employees

Instead of assigning high-tier licenses by default, consider a different approach.

  1. Set a basic cloud license (e.g., Microsoft 365 F3) as the standard for all new users.

  2. Give department managers the ability to upgrade licenses to a higher tier (e.g., E3) based on actual user needs.

Note: This strategy typically leads to a dramatic reduction in the use of expensive licenses, resulting in substantial annual savings.

Automatic Downgrading of Unused Licenses

eADM can automatically downgrade users who have not logged into Azure for the last 60 days. For example, an account with an E3 or F3 license could be downgraded to an Exchange-only license.

Similarly, Citrix licenses can be managed based on the last login date, as illustrated in the process below.

Example: Automated Citrix License Removal

This logic is based on the lastLogonTimestamp attribute from Active Directory.

  1. Has the user ever logged in?

    • If yes: Proceed to the next step.

    • If no: Check if the account was created less than 90 days ago.

      • If yes: The user keeps the Citrix license.

      • If no: The Citrix license is removed.

  2. Was the last login more than 90 days ago?

    • If yes: The Citrix license is removed.

    • If no: The user keeps the Citrix license.

Access Management

Routine access management should be automated. When access is granted automatically based on defined rules, it is also revoked automatically when the conditions are no longer met.

New Integrations

We can help you identify opportunities to automate new systems, especially those that currently require significant manual data entry or correction. Common examples include Compilo, Sak/arkiv (case/archive systems), and Gerica.

Real-Tie Access Management

eADM supports near real-time access management (delta sync).

  • Benefit 1: If a manager grants an employee access to a business system, the access is provisioned almost immediately.

  • Benefit 2: New external user accounts are created instantly, which is useful for contractors who need to start the same day they are registered.

 

 

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close