Active Directory Group with more than 5K members - Challenges

Hi All,

We have a few AD groups having more than 5K members and these groups represents logical applications which is represented as IT Roles in IIQ.

Do you see any challenges aggregating such large AD Groups and then represented them as IT Roles detected for 5k+ identities?

The groups themselves should not be an issue. Aggregation will query which groups User has and bring its member list across, instead of bring the group and all its membership across in one go.

FYI: I would some caution on how to build the IT Roles. IT Roles are a great abstraction to bundling up multiple access into one container. If you are building them with a 1:1 entitlement to IT role ratio then I would advise not to do this, and just leave the entitlement as-is…

1 Like