Managing permissions at scale...

Occasional Contributor

Have any of you found a successful model for managing granular permissions for users at scale (1500+ users)? We use AD groups, but they've mostly sprawled out of control and it can be challenging to at-a-glance understand what Role/AD group leads to what layer 3 access. Introducing more discipline and oversight into the process might help, but I'm thinking others may have found a better, more scalable way.

Have also considered offloading the access decisions to the firewall layer leaving the Pulse box mostly to handle tunnel termination and authentication.

What have you found works?
Occasional Contributor

Re: Managing permissions at scale...

I think your best bet will be getting AD under control. We use dedicated AD groups for our remote access to give various different roles and make the name mean something. Also, not allowing nested groups within that group (only individual users) will help.
Name something like RemoteAccess-RDP, RemoteAccess-View, RemoteAccess-Meetings, RemoteAccess-SSH, etc.
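
One way to check the convention described in the reply above, as an added example that is not part of the original thread: a read-only audit that lists every group with the `RemoteAccess-` prefix and flags any that contain nested groups instead of individual users. It assumes the RSAT ActiveDirectory module is installed and that the groups follow the prefix suggested in the reply.

```powershell
# Audit the dedicated remote-access groups: report direct users and flag nested groups.
# Assumptions: RSAT ActiveDirectory module is available; groups use the
# "RemoteAccess-" prefix suggested in the reply (adjust $prefix otherwise).
Import-Module ActiveDirectory

$prefix = 'RemoteAccess-'

$report = foreach ($group in Get-ADGroup -Filter "Name -like '$prefix*'") {
    # Direct members only (no -Recursive), so a nested group appears as a 'group' object
    # rather than being silently expanded into its users.
    $members = @(Get-ADGroupMember -Identity $group)
    $nested  = @($members | Where-Object { $_.objectClass -eq 'group' })
    $users   = @($members | Where-Object { $_.objectClass -eq 'user' })

    [pscustomobject]@{
        Group        = $group.Name
        DirectUsers  = $users.Count
        NestedGroups = ($nested.Name -join ', ')
        Compliant    = ($nested.Count -eq 0)   # policy: individual users only
    }
}

# Non-compliant groups sort first so they are reviewed first.
$report | Sort-Object Compliant, Group | Format-Table -AutoSize
```

Running this on a schedule and alerting on any row where `Compliant` is false keeps the one-group-one-role mapping readable as the user count grows.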