A re:ADM project involves revitalizing an existing eADM to ensure you are making the most of its capabilities. The goal is to upgrade your configuration to a modern standard, improving efficiency and maximizing the value of the platform.
To make the best use of your time, we recommend scheduling a planning meeting to discuss your current setup and suggest improvements. For customers syncing with Active Directory, we will also need access to the AD to perform a thorough analysis.
The ADM process focuses on three main areas:
- User Account Management
- License Management
- Access Management
User Account Management
Position and Main Filters
You can filter out specific employee roles, such as elected officials, contractors, or foster care providers, even for employees who hold other positions within the organization.
The position filter is more granular than the main filter. The main filter removes entire user accounts from an import, while the position filter removes specific roles associated with a user.
Ideally, the position filter should first remove unwanted roles. Then, the main filter can be configured to remove any users whose positions have all been filtered out.
Updated Message Flow
eADM serves as the backbone of your onboarding and offboarding processes. Consider the following improvements to your message flow:
- Use the ID portal for initial user onboarding instead of SMS-based one-time passwords.
- Configure a custom sender name for SMS messages.
- Set a custom sender address for emails.
Managing External User Accounts
To maximize the benefits of automated user management, external user accounts (e.g., substitutes, students, external consultants) should also be managed through the platform.
Helpdesk staff can create external accounts upon request, or you can set up a workflow where managers request accounts via a form, triggering automatic creation.
Note: It is critical that all external accounts be registered with an expiration date. By combining this with an email notification sent before the expiration date, we ensure that external accounts remain temporary and require active, periodic renewal. This also saves a significant amount of time by allowing department managers to manage the provisioning process themselves and automate it.
Purging Deactivated Accounts
Deactivated accounts should not remain in the system any longer than necessary.
- Recommendation: We typically recommend that accounts be deleted one year after deactivation.
- Process: When an account is purged, all history, personal data, and logs are permanently deleted. This is an essential practice for GDPR compliance.
License Management
Effective license management can lead to significant cost savings. This can be achieved through needs-based license allocation and automatic downgrading of unused licenses for services such as Microsoft 365 or Citrix.
Needs-Based License Allocation for New Employees
Instead of assigning high-tier licenses by default, consider a different approach.
- Set a basic cloud license (e.g., Microsoft 365 F3) as the default for all new users.
- Give department managers the ability to upgrade licenses to a higher tier (e.g., E3) based on actual user needs.
Note: This strategy typically leads to a significant reduction in the use of expensive licenses, resulting in substantial annual savings.
Automatic Downgrading of Unused Licenses
eADM automatically downgrades users who have not logged into Azure for the past 60 days. For example, an account with an E3 or F3 license could be downgraded to an Exchange-only license.
Similarly, Citrix licenses can be managed based on the last login date, as shown in the process below.
Example: Automated Citrix License Removal
This logic is based on the lastLogonTimestamp attribute from Active Directory.
- Has the user ever logged in?
  - If yes: Proceed to the next step.
  - If not: Check whether the account was created less than 90 days ago.
    - If yes: The user retains the Citrix license.
    - If not: The Citrix license is removed.
- Was the user's last login more than 90 days ago?
  - If yes: The Citrix license is removed.
  - If not: The user retains the Citrix license.
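The decision process above, written out as an added example (this is not eADM's own code). The function names and sample accounts are hypothetical; the account creation date is assumed to come from the AD whenCreated attribute.

```python
from datetime import datetime, timedelta, timezone

# AD stores lastLogonTimestamp as a Windows FILETIME:
# 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
THRESHOLD = timedelta(days=90)  # the 90-day limit from the process above


def filetime_to_datetime(filetime):
    """Convert a FILETIME integer to UTC; None if unset or 0 (never logged in)."""
    if not filetime:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(filetime) // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed samples."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def citrix_license_decision(last_logon_timestamp, when_created, now):
    """Return 'retain' or 'remove' following the decision process above."""
    last_logon = filetime_to_datetime(last_logon_timestamp)
    if last_logon is None:
        # Never logged in: keep the license only for accounts under 90 days old.
        return "retain" if now - when_created < THRESHOLD else "remove"
    # Has logged in: remove once the last login is more than 90 days ago.
    return "remove" if now - last_logon > THRESHOLD else "retain"


# Constructed sample accounts (not real directory data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLES = {
    "new-never-logged-in": (None, NOW - timedelta(days=10)),
    "old-never-logged-in": (0, NOW - timedelta(days=200)),
    "active": (datetime_to_filetime(NOW - timedelta(days=5)), NOW - timedelta(days=400)),
    "stale": (datetime_to_filetime(NOW - timedelta(days=120)), NOW - timedelta(days=400)),
}


def evaluate_samples():
    """Apply the decision to every constructed sample account."""
    return {name: citrix_license_decision(ts, created, NOW)
            for name, (ts, created) in SAMPLES.items()}


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{name}: {decision}")
```

By default, Active Directory only updates lastLogonTimestamp when the stored value is roughly 9 to 14 days old, so the 90-day cut-off is accurate only to within that margin.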
Access Management
Routine access management should be automated. When access is granted automatically based on defined rules, it is also revoked automatically when the conditions are no longer met.
New Integrations
We can help you identify opportunities to automate new systems, especially those that currently require significant manual data entry or correction. Common examples include Compilo, Sak/arkiv (case/archive systems), and Gerica.
Real-Time Access Management
eADM offers near real-time access management (delta sync).
- Benefit 1: If a manager grants an employee access to a business system, the access is granted almost immediately.
- Benefit 2: New external user accounts are created instantly, which is useful for contractors who need to start work the same day they are registered.