March 25, 2016
Yes, it's me again, and yes, with MIMWAL again 😉
When talking with people about my Privileged Access Management (PAM) scenario, I often get asked whether the dedicated PAM forest is really required. The answer is yes: this is by design and an important security property of the solution, because you can never be sure that your existing forest is not already compromised. A separate forest can also be hardened more strictly than the production forest, and it brings some other benefits.
However, time-limited group membership can also be useful in a single forest/domain scenario. So I played around a bit in my demo lab and tried to build a simple PAM-like solution with the help of the MIM Workflow Activity Library (MIMWAL).
Description and benefits of my demo scenario:
- Time-limited group membership
- The duration of the group membership can be modified
- Can be initiated by users directly or by admins/helpdesk
- Users get notified when their group membership expires