Startup Idea: Access Control Management Portal

Startup idea to develop a web-based portal for automated access control management for organizations. The platform should allow delegating permission management, schedule regular reports on access levels, and implement automatic user-creation/modification based on Active Directory group membership with simple boolean logic.

I work in Information Technology for a company with a few thousand employees. We have numerous applications and systems that we manage access and permissions to, all set by group membership in Active Directory. We spend a great deal of time manually managing and auditing these permissions.

The solution we would like to see would be a web-based portal that allowed us to delegate the management of those permissions out.

For example, let's say Bob is an office manager, and Alice is a new hire in his office. Using role based access control, we'd like to be able to allow Bob to manage the permissions for ApplicationX. Rather than telling us he needs Alice to access ApplicationX, he could simply go to the web portal and provide that access in a self-service manner.

Additionally, it would be nice if we could generate reports on a regular schedule, and have them sent to the application managers for review. This would help cut down on permissions creep and ensure access was limited appropriately.

If we could also use this tool for simple types of access control automation, this would also be useful. For example, we may know that everyone who works in a certain office needs access to a specific application or tool. By monitoring Active Directory for user creation/modification, we could automatically set group memberships (and thus permissions). Something that provided simple boolean logic would likely be useful here (for example, if Department == Human Resources AND Job Title == Administrative Assistant GRANT ApplicationX). Yes, we have looked for solutions like this. Most common search terms would be: Active Directory group management Active Directory group automation

We currently solve this problem by manually processing the changes required, however we are in the process of implementing a system that is similar to the one I described via Microsoft System Center. This requires a fair amount of customization and coding on our part... Something that was ready to roll out of the box would allow us to focus our time and energy in other areas.