Least Privilege Permissions (SSP)

This document provides a structured approach to configuring least privilege AD permissions for enabling the miniOrange Active Directory Self-Service Portal (SSP). It outlines the minimum permissions required to securely delegate password and account-related operations without granting Domain Admin or other high-risk administrative privileges.

miniOrange AD Tools follow a Zero Trust and least privilege security model, ensuring that only explicitly required permissions are assigned for each Self-Service Portal capability. This guide helps administrators delegate granular access at the domain or organizational unit (OU) level, reducing the risk of privilege misuse while maintaining secure self-service operations.

The document covers secure delegation for:

Each section clearly defines the required read and write permissions, enabling administrators to align access with operational requirements while preserving Active Directory security boundaries.

By implementing the permissions outlined in this guide, organizations can:

Enforce least privilege access across identity workflows
Minimize exposure from over-privileged service and administrative accounts
Support compliance with security frameworks and audit requirements
Enable a secure, scalable Self-Service Portal without compromising Active Directory integrity

This guide is intended for Active Directory administrators, identity security teams, and IT operations teams deploying miniOrange AD Tools in enterprise environments.

AD Self-Service Portal

AD Management

AD Auditing

Contents

Least Privilege Permissions (SSP)