Active Directory: Enterprise Needs vs. Needs for Managed Services Providers (MSP)

Microsoft’s Active Directory provides essential identity services to many different types of organizations. We’ve recently been working on enhancing our PeopleProvision solution to better meet the needs of our customers and we’ve noticed some interesting differences between the way enterprises use Active Directory and the utility that AD provides to a managed services provider (MSP). We describe the differences here and talk about our approach to engineering PeopleProvision to best meet the needs of enterprises and MSPs.

Both enterprises and MSPs use Active Directory as an identity store, relying on its authentication and authorization services. Beyond these services, one key difference separates the way enterprises use AD from the way MSPs use it.

Enterprises need AD to mirror an authoritative data source like an HR system, while MSPs use AD itself as the authoritative data source.

This statement seems obvious, but it only emerged for us after talking to a number of enterprises and MSPs about their unique needs for provisioning in Active Directory. The difference between how enterprises and MSPs use AD has significant implications for the design of a system like PeopleProvision. Two things came out of the analysis:

  1. Enterprises really need synchronization between AD and other identity stores. In many cases AD just mirrors data from other systems, except for core account information and group memberships. In addition, provisioning in enterprises often requires managing external resources like user shares on file systems and email boxes.
  2. MSPs don’t have many synchronization needs and don’t typically need the organizational data that AD can archive. Provisioning typically doesn’t require hooks to external systems like file systems or email systems. Core account information and group memberships drive role-based access control (RBAC) in software-as-a-service (SaaS) applications that MSPs provide.

At the end of the day, the provisioning scenarios for enterprises differ significantly from those for MSPs. We recognize this difference, and we will blog over the next week or two about how we have engineered PeopleProvision to best meet the unique needs of both enterprises and MSPs.