Over the last decade, remote working has increased by 400%, according to a GetApp survey, and more employees have come to expect it as a matter of course. This means IT admins need to strategize how they’ll onboard those users and maintain the security of their accounts.
Here, we’ll cover the things that organizations, and particularly their IT departments, should do to prepare before they introduce remote employees into their workforce and how to do so depending on the directory service they use.
Remote Employee Considerations
Before launching remote workers in the field, IT admins and other organizational leadership should take a holistic look at user security and management considerations. HR departments and managers, for example, should consider how to measure a remote worker’s output while also providing them with time to relax and socialize with their fellow employees, even if it’s in a digital forum.
For IT specifically, these questions are worth developing a strategy around:
- How will we give users access to their systems and other devices?
- How will we deliver their systems to them and maintain control over those systems?
- How will we provision access to apps, networks, file servers, and other infrastructure?
- How will we ensure the security of their accounts and access?
Remote work complicates onboarding and user and system management, but it’s possible to execute these tasks securely.
Active Directory & Remote Employees
Active Directory® historically dominated the market because of its ability to connect users to and manage all domain-bound resources, which were on-premises and Windows®-based. Now, with the rise of remote working and cloud/non-Microsoft® IT resources, admins have to do more legwork to connect users to all the tools they need to get their jobs done. Admins have several options when connecting remote users to the AD domain.
Remote Domain Controller
In the case they are managing a full remote office, admins can establish a remote domain controller setup. They would likely use a read-only domain controller with a one-way sync from the central domain controllers. Once employees are onboarded, this setup would give them the ability to connect to the network. This option, of course, requires additional hardware and a strategy for securing and maintaining the remote domain controller(s).
Although a remote office might merit an additional domain controller (or two), admins need to identify a different solution for individual remote users — namely a VPN connection to the AD network. There are various challenges with this approach — including users letting their passwords expire before they VPN into the network again and figuring out how to sync VPN access with AD credentials.
Organizations that lack full remote offices or that don’t want to invest in additional infrastructure can seek other options — like a comprehensive cloud solution to extend AD credentials to any resource, whether it’s on-prem or remote. Some admins might turn to Azure® Active Directory, but it’s worth taking a comprehensive look at the needs of remote workers before choosing another Microsoft solution that also struggles to connect users to resources such as Mac® machines.
As admins consider how to onboard remote users to resources not bound to the domain, they should look for comprehensive solutions that can federate user identities to all their resources.
Cloud IAM & Remote Employees
From a comprehensive cloud AD bridge or a cloud directory service, IT admins can provision users to virtually all their resources regardless of where they’re located. These resources likely include SaaS apps and productivity suites like G SuiteTM, Mac and Linux® systems, RADIUS networks, and cloud infrastructure. With cloud identity and access management (IAM) solutions, admins don’t have to worry about the complex on-prem infrastructure or networking that AD requires.
With cloud IAM, admins can also establish automatic user provisioning workflows that are triggered as soon as the HR department enters the user into the human capital management (HCM) so that the same digital identity flows into the central directory and then on to a user’s permitted resources — all of which is done regardless where the user is located.
Systems & Training for Remote Employees
Once these workflows are established, admins then need to establish processes to ensure remote employees get the physical resources they need, including their systems. In some cases, IT admins can implement zero-touch deployment of systems so they never have to handle the machines; they’re automatically configured post-boot and ready to use straight out of the box. They can ship the machines to remote users and not have to otherwise interact with the machines.
This isn’t possible with every operating system, so another option might be to give remote employees their machines during on-site onboarding or ship them pre-configured. HR leaders recommend in-person training to better integrate remote employees with company culture and values before sending them into the field, which is a good time to provide their systems and other physical resources.
JumpCloud® Directory-as-a-Service® is one possible solution for admins to consider. JumpCloud features the first comprehensive directory service in the cloud, offers Active Directory Integration to sync AD identities with virtually all IT resources, and requires no on-prem hardware or additional networking to do so.
Click here to learn more about comprehensive user management with JumpCloud.