As a franchisor, one of the biggest issues is controlling access to systems required by your franchisees. It’s easy to control using Active Directory but it’s hard to get your franchisee employees into Active Directory.
Think about it, you have 300 franchisees, each with 20 employees needing varied levels of access to the milkshake recipe wiki. But, those 20 employees actually change on a pretty frequent basis. And, you have no way to track them.
Franchisee employees are rarely on a central HRIS. And franchisees are usually too small by themselves to be running an Active Directory infrastructure. And, they don’t work for you so you have no idea that they even exist.
So, how do you give them access to the milkshake wiki?
You have to synchronize.
Unless you are able to force IT standards on the franchisee, you have no idea how they are keeping data. It’s probably not consistent and it’s unlikely to be updated. But one thing you do know? They have to pay their employees. And, given the margins in your business, they probably have a good handle on who should and shouldn’t get paid on the 1st and 15th.
So, you simply get access to dump files or the backend databases of their HR (most likely the former), and create synchronization jobs to create user accounts in Active Directory. One franchise we recently spoke to just makes an OU per franchise. When they terminate someone in their HRIS, their account is deprovisioned. Boom, access to the milkshake recipe wiki is solved.
Or is it? You only want managers to know the secret sauce to the orange creamsicle milkshake but need all users to know how to make vanilla, chocolate and strawberry.
Everyone needs a user account but you need manager types to be in the top-secret-orange-creamsicle security group. So you automate the security group based on title and dynamically maintain group membership.
Of course, GroupID provides this functionality through its Synchronize and Automate modules. Throw in Self-Service and Password Center and you can manage your franchisees users and groups, freeing up time for you to enjoy one of those Top Secret Milkshakes.
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.