This content is part of the Essential Guide: How to deal with Identity and access management systems

Active Directory management gets easier with mobile apps for IT admins

Software vendors are increasingly offering admin-facing mobile apps, allowing IT to use their mobile devices to remotely manage users. Take ADManager Plus for Active Directory management, for example.

Mobile apps for employees can help improve business productivity, but there are also apps to help IT administrators do their jobs better.

Mobile apps that allow admins to manage users and services remotely are becoming more prevalent, experts said. One such app is ADManager Plus from software provider ManageEngine, which lets IT manage Active Directory (AD) accounts from mobile apps on their Apple iOS or Google Android devices. The company this month added smart card support for an extra layer of security when admins log into the app.

Active Directory management through a mobile app is great for admins when they're away from their desks, said Steven Powers, IT manager at a medical technology provider in Houston, who used ADManager Plus at his prior company.

"Those kinds of apps are really helpful," Powers said. "We're not always at our desks, so if someone calls from the office that needs you to reset something, you can do it right from your phone."

Other mobile apps for Active Directory management include, Server Mobile Admin from InfraDog and SolarWinds' Mobile Admin. Cloud services, such as G Suite -- Google's bundle of business apps, including Calendar, Hangouts, Drive and Docs -- also offer admin-facing apps. The Google Admin app allows IT to manage user activity, reset passwords, view audit logs and more from iOS or Android devices.

"We see more admin tools offering mobile apps, freeing IT staff from their desks and enabling better coverage and response," said Allen Falcon, CEO of Cumulus Global, an IT consultancy in Westborough, Mass.

Active Directory management gets smarter

ManageEngine, based in Pleasanton, Calif., offers ADManager Plus as a paid download through the Apple App Store and Google Play Store. With the app, admins can respond to users' requests for password resets, view logs of which users accessed what data and what changes they made, review help desk tickets and perform other Active Directory management tasks.

We see more admin tools offering mobile apps, freeing IT staff from their desks and enabling better coverage and response.
Allen FalconCEO, Cumulus Global

For instance, if a user needs a password reset, that's an issue that must be resolved immediately so the employee can get back to work. If he or she makes the request outside of working hours or when an IT admin is in a meeting, the admin can use ADManager Plus to quickly address it no matter where they are.

On the desktop management console, many of these AD tasks -- particularly reviewing audit logs -- require a lot of "digging" to get the information IT needs, but the mobile app interface makes it easier to find and use these commonly needed tools, Powers said.

In fact, the app can provision a new AD user in about two steps, rather than the seven or eight steps required to do it manually in Active Directory -- taking a 30- to 45-minute task down to about five minutes, Powers said.

“It's great if you have a smaller staff and accomplish the same work that you'd otherwise need a couple more people for," he added.

The app's new support for smart cards bolsters security of the app and the endpoint that grants access to an organization's Active Directory policies. Many organizations provide employees with smart cards to gain access to computers or applications. With a smart card on ADManager Plus, an admin signs into the app with his or her AD username and password, in addition to smart card PIN. The AD credentials have to match the admin's smart card profile to grant access to the app.

"AD is so critical from a security perspective that if I'm a bad guy, this is an obvious place to try to disrupt," said Raj Sabhlok, president of Zoho Corp., the parent company of ManageEngine. "If I did, then I have the ability to make changes to roles and privileges. Active Directory is the crown jewel and gateway to all technology in the enterprise."

ADManager Plus starts at $495, and a 30-day free trial is available through the ManageEngine website.

Next Steps

Check out this tool to clear out clutter in Active Directory.

How to decide who owns Active Directory provisioning.

How to manage Office 365 from Active Directory.

Dig Deeper on Mobile application strategy

Unified Communications