AD Group Proposal

AD Group owners meeting summary:
We will have these AD group names (all owned by Nishit):
everbright_technology_users (the members will include everyone in Technology) will give access to all environments, approved by DL-Everbright-Technology-Approvers
everbright_support_users (the members will include customer success) will give access to production and onboard for myeverbright and engine, approved by DL-Everbright-Support-Approvers
everbright_users (the members will include all of everbright minus technology minus Customer success) will only give access to production myeverbright and production engine, approved by DL-Everbright-User-Approvers
The approvers of each AD group will be a DL email list consisting of all managers in that department.
To add a new member to any AD group (i.e., for a new employee to get access to engine/app-dev/app-qa), that new hire or their manager will have to create an IT4U request. IT will then reach out to that DL list, and once approved, the new hire will be added to the AD group.
the AD groups will be in OU FPLRestrictedGroups in FPLU domain as Universal groups. They will be privileged/restricted AD groups
I will send a csv to IT with all the existing users needed when creating these groups
edit: users will still have to create users through the normal process

 

 

 

Who will be approvers of the AD groups? Each AD group will have a DL email list. Anyone on that DL email list will be able to say yes to adding a new member. We will need to communicate with people that this is how they can access engine.

 

We will have three AD groups. Being in just one of these three groups will get you access to engine.

Dev access: everbright_platform_technicians (this will include all of technology team)

QA Access: everbright_platform_technicians (this will include all of technology team)

Onboard and mirror access: everbright_customer_testers (this will include all of customer success), everbright_platform_users (maybe grant them QA access depending on the lift)

Engine access: everbright_production_only_users (this will include all of everbright minus technology minus Customer success), everbright_testing_users, everbright_platform_technicians

Discussion:

[VP] Do all owners get an email for approval?

[EB] Yes, all of these people will get an email.

Approvers and owners should be the same thing.

We can only have two owners per AD group

[WM] Can we automate addition?

[VP] could automatically add it

[EB] We can have multiple approvers, but only one owner. Everyone gets an email if we go through a request through IT.

[EB] We can create a DL for all the approvers for each of the AD groups and put that in the notes.

[MS] do we not want to create an AD group for each manager? – A: we should not do that…

 

 

 

 

AD groups:

* everbright_platform_technicians approvers:
    * Zach Tanenbaum (ZXT0J08)
    * Tim Marchese (TXM0THM)
    * Ella Dzenitis (EXD0K5I)
    * Nishit Patel (NXP0431)
    * David Sabeti (DXS0FQW)
    * Avery Hunt (AXH0Q13)
    * Jacob Miles (JXM029Y)
    * Kyle Tessier-Lavigne (KXT0ONL)
    * Ty Brockhoeft (TXB0ON0)
    * Geoffrey Moore (GHM0KI2)
    * Joseph Dormelus (JXD018Q)
    * David Villagra (DXV0VE4)
    * Kate Lynn Kaynak (KXK0C6R)
    * Eric Schulte (EXS0DI8)
    * Carlos Gillett (CXG07IB)
    * Sai Pruthvia Devanapally (SXD06JS)
    * Samantha Abigail Lieberman (SXL0W7O)
    * Ryan Izuno (RXI06AD)
    * John Peter Liska (JPL0ARL)
    * Livia Anne Abuls (LXA0Y7N)
    * Misty Lynn Leiter (MXL08TJ)
* everbright_customer_testers
    * Anne-louis seaboury (ALS0E3O)
    * Miriam Mendoza (MXM0E2D)
    * Julio Quesada (JAQ0KTB)
    * Julie Nicholas (JSN0NXY)
    * Herve Woods (HCW0OBO)
    * Alexander Cuesta (AXC01YI)
    * Cassandra Mercado (CXM059L)
    * Deanna Collier (DXC066H)
    * Logan Teague (LXT0VOL)
    * Pablo Estrada Vargas (PEE0P86)
    * Samantha Martinez (SXM064I)
* everbright_production_only_users
    * Jason Wasserman (JXW0KG7)
    * James Heath (JSH0L9S)
    * Christopher Strain (CXS0X9E)
    * Bryce Barnett (BXB0AHB)
    * Brian Wang (BXW04Y4)
    * Aileen Kozlowski (AXK0W67)
    * Emilio Berkowitz (EJB0PSX)
    * Paige Hoehl (PXB01RK)
    * Melissa Bruni (MRB0OQ5)
    * David Ellis (DXE0Z1J)
    * Eric Phifer (ECP0XOI)
    * Frank Timothy LoCascio (FTL0F86)
    * Chad Dahlgren (CXD016G)
    * Tehilla Gallagher (TDG07IL)
    * Nancy Sloane (NNS0BW4)
    * Alice Reeve (AXR0XFL)
    * Carlos Hinojosa (CXH0TPV)
    * Ashlyn Brulato (AXB0CCE)
    * Emile Oexman (EXO0NQ1)
    * Kristi Traugh (KLT038I)
    * Victoria Post (VXP0OUE)
    * Victor Rodriguez (VER0MA8)
    * Michelle Lee (MXL00OZ)
    * Prafulla Kumar Cuddalore Patta (PXP0S0W)
    * Amber Krauss (ALK0WLY)
    * Mary Leyzeaga Vargas (MRL00WN)
    * Christopher Merhai (CSM0HXW)

AD Group proposal. We can NOT create nested/umbrella groups due to concerns of their reliability.

Rather, every group will be a backup group if our previous groups do not catch the users.

A backup group means that if a user is not in one of our existing groups, we can still use that group to grant them access.

We will use the following structures:

Dev access: everbright_dev_users (backup group), everbright_github_users,

Onboard access: everbright_onboard_users (backup group), everbright_github_users,

Engine access: everbright_engine_users (backup group), DL-EverBright-Team, everbright_github_users, everbright_onboard_users

 

AD group proposal. We will create three new umbrella groups.

 

Each umbrella group will provide the following access:

everbright_dev_users will allow users to get into app-dev

everbright_onboard_users will allow users to get into onboard

everbright_all_users will allow users to get into prod

 

everbright_dev_users group will be an umbrella of all of the following groups:

everbright_github_users, everbright_aws_product_managers, everbright_aws_devops, everbright_aws_data_engineers, everbright_aws_engineers, everbright_github_admins

 — this will contain all of QA, PMs, and engineers

 

everbright_onboard_users group will be an umbrella of: 

everbright_datadog_readonly_users

everbright_dev_users

any other users added individually

 

everbright_all_users will be an umbrella of (add any user directly here):

everbright_onboard_users

remaining deal processing any other users added individually
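
The umbrella proposal above makes access transitive: membership in a low-level group silently carries every environment granted by the umbrellas that contain it. The following is an added example, not part of the original page, that models the nesting with the group and environment names listed above and computes the effective access a reviewer should expect before approving a membership request; the helper names are hypothetical.

```python
# Added example: models the umbrella (nested) group proposal on this page.
# Group and environment names come from the page; helper names are hypothetical.

# umbrella group -> groups nested directly inside it
UMBRELLA = {
    "everbright_dev_users": [
        "everbright_github_users", "everbright_aws_product_managers",
        "everbright_aws_devops", "everbright_aws_data_engineers",
        "everbright_aws_engineers", "everbright_github_admins",
    ],
    "everbright_onboard_users": [
        "everbright_datadog_readonly_users", "everbright_dev_users",
    ],
    "everbright_all_users": ["everbright_onboard_users"],
}

# umbrella group -> environment it unlocks
GRANTS = {
    "everbright_dev_users": "app-dev",
    "everbright_onboard_users": "onboard",
    "everbright_all_users": "prod",
}

def containing_groups(group, nesting=UMBRELLA):
    """Return `group` plus every umbrella that contains it, directly or
    transitively. The `seen` set keeps a circular nesting from looping."""
    seen, stack = set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(p for p, children in nesting.items() if current in children)
    return seen

def effective_access(direct_groups, nesting=UMBRELLA, grants=GRANTS):
    """Environments a user reaches given only their direct group memberships."""
    envs = set()
    for group in direct_groups:
        for ancestor in containing_groups(group, nesting):
            if ancestor in grants:
                envs.add(grants[ancestor])
    return envs

if __name__ == "__main__":
    for g in ("everbright_github_users", "everbright_datadog_readonly_users"):
        print(g, "->", sorted(effective_access([g])))
```

Under this structure a user added only to everbright_datadog_readonly_users also reaches prod, which is the kind of inherited grant an approver should see before saying yes.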