What are some Security Concerns and Best Practices for creating Active Directory accounts for 3rd party Identity Management solutions.
non-MS Identity Management (IDM) solutions require creation of an Active Directory account with domain wide administrative priveleges. The IDM solution then uses that account for day to day administration task like create new users, change password, group membership etc. 1) What are some security concerns with this approach. 2) What are best practices to prevent abuse of this account 3) What type of auditing needs to in place to prevent abuse. -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 --------------------------------------------------------------------------- ---------------------------------------------------------------------------
