In many organizations, there are more Active Directory groups than there are users. Management of membership in these groups can be a major problem:

• There is a high volume of change requests and
• users are not familiar with groups, and instead call the help desk complaining about "access denied" errors.

The group membership management process is time consuming:

• Help desk calls are escalated to a security administration desk,
• The security desk must:
  • locate the object which the user tried to access,
  • find a group with suitable privileges,
  • locate the group's owner and ask for permission.
  All this happens before the simple task of adding the user to the group.

ID-Access® is software from Hitachi ID for managing membership in Active Directory groups. It allows users, who may not be familiar with groups at all, to initiate requests for group membership:

• Users make requests in reference to network resources, such as shares and folders.
• ID-Access automatically maps these requests to security requests for AD group membership.
• ID-Access locates group owners and uses an authorization workflow to authorize the change.