Skip to content

Cross-forest authentication with Thinfinity: secure multi-domain access

Introduction 

In modern enterprises, IT environments often span multiple Active Directory (AD) forests, hybrid cloud platforms, and external identity providers (IDPs) such as Azure Entra ID, Okta, and PingID. Securely managing authentication across these disparate environments is a critical challenge for CIOs, CISOs, and IT administrators.

Thinfinity provides a powerful Cross-Forest Authentication solution through Global Account Mapping, ensuring seamless user authentication across multiple domains while maintaining a Zero Trust Security Model. This article explores how Thinfinity achieves secure cross-domain authentication, leveraging 2FA, external IDPs, and directory federation.

 
 

What is cross-forest authentication?

Defining active directory (AD) forests

An Active Directory forest is the highest-level security boundary in a Windows Server environment. Multiple forests can exist within an organization due to:

  • Mergers & Acquisitions: Different companies with separate AD infrastructures.
  • Security Segmentation: Isolating user groups or business units.
  • Geographic Distribution: Multiple regional offices managing separate IT infrastructures.
 

Challenges in cross-forest authentication

Cross-forest authentication becomes a challenge when users need to access resources outside their native AD forest. The main obstacles include:

  1. Credential Duplication: Users often require separate accounts for each domain.
  2. Lack of SSO (Single Sign-On): Logging into multiple domains requires multiple authentications.
  3. Security Risks: Traditional authentication mechanisms expose organizations to credential theft and privilege escalation attacks.
  4. Limited Integration with Modern IDPs: Many enterprises are moving to Azure Entra ID, Okta, and other cloud IDPs but still require legacy on-premises AD integration.

Cross-Forest Authentication Challenges

Cross-forest authentication challenges: credential duplication, lack of SSO, security risks, and limited IDP integration (Azure Entra ID, Okta)

The need for a secure cross-forest solution

To address these issues, organizations require:

  • A unified authentication mechanism that works across AD forests.
  • Seamless integration with cloud IDPs like Azure Entra ID, Okta, OneLogin, and ForgeRock.
  • Zero Trust Network Access (ZTNA) principles that ensure users only access authorized resources.

This is where Thinfinity’s Global Account Mapping comes into play.

Thinfinity’s global account mapping: How it works

Thinfinity simplifies cross-forest authentication by implementing Global Account Mapping, which associates external user identities with Thinfinity accounts and resource identities.

Step-by-Step Process of Thinfinity’s cross-forest authentication

1. External authentication via IDPs & Federation services

  • Thinfinity supports authentication from Google, Microsoft AD, Azure Entra ID, Okta, DUO, Auth0, ForgeRock, JumpCloud, PingID, and OneLogin. 
  • Supports SAML and OAuth 2.0 for federated authentication.
  • Thinfinity validates the user’s identity against their primary domain.

2. Global mapping of user identities

  • Thinfinity maps the authenticated user from an external domain to the internal AD forest account.
  • This ensures that external and internal users are seamlessly linked.

3. Role-based access vontrol (RBAC) enforcement

  • After authentication, Thinfinity assigns roles based on Active Directory groups or Thinfinity IDP policies.
  • Access is granted only to resources authorized for the assigned role.

4. Authorization for specific resources

  • Thinfinity ensures that only mapped identities can access Active Directory, Local Users, and Database-based User Apps (SQL, MongoDB, etc.).

5. Seamless multi-domain access

  • Thinfinity supports authentication and resource access across Corporate Domains and Secondary Domains.
  • This eliminates the need for users to manage multiple passwords across different forests.
Thinfinity cross-forest authentication: SSO, MFA, RBAC, IDP integration (Azure Entra ID, Okta), secure multi-domain access, and role-based authorization
 

Key benefits of Thinfinity’s cross-forest authentication solution

1. Secure access without VPN dependencies

Traditional VPN-based solutions struggle with cross-forest authentication, often requiring complex trust relationships. Thinfinity eliminates these issues by providing direct browser-based authentication using secure web protocols.

2. Seamless integration with Cloud IDPs & Multi-factor authentication (2FA)

Thinfinity integrates with leading identity providers like:

  • Azure Entra ID
  • Okta
  • PingID
  • OneLogin
  • Google Workspace
  • Duo Security
  • Auth0
  • ForgeRock

This ensures that users can leverage existing identity platforms while securing authentication with MFA (Multi-Factor Authentication).

3. Unified identity management with active directory & external domains

Thinfinity creates a centralized authentication layer, mapping external identities to internal AD resources. This allows:

  • Users to log in once and access resources across multiple forests.
  • RBAC (Role-Based Access Control) enforcement to restrict unauthorized access.
  • Elimination of duplicate credentials across different forests.

4. Support for hybrid and Multi-Cloud environments

Many enterprises run workloads across multiple clouds and require cross-domain authentication for:

  • On-premises Active Directory
  • Cloud-hosted Azure Entra ID
  • Hybrid cloud environments (AWS, GCP, Azure, private clouds)

Thinfinity ensures authentication is seamless across these environments, enabling secure access control.

5. Zero Trust architecture (ZTA) compliance

Thinfinity aligns with Zero Trust principles, ensuring:

  • Least Privilege Access: Users can only access authorized applications.
  • Adaptive Authentication: Based on device, location, and risk analysis.
  • Continuous Monitoring: Tracking authentication events and potential anomalies.
 
Thinfinity cross-forest authentication: SSO, MFA, IDP integration (Azure Entra ID, Okta), hybrid cloud support, and Zero Trust compliance
 

Use Cases

Use case 1: Enterprise deployment of cross-forest authentication

Scenario: Multi-Domain Organization with External IDP

A global enterprise has:
  • Corporate AD Domain (HQ)
  • Regional Active Directory Domains (Europe, APAC, Americas)
  • Cloud-based Azure Entra ID for remote users
  • Okta authentication for contractors
Thinfinity’s solution
  1. Users log in using Okta/Azure Entra ID credentials.
  2. Thinfinity maps external users to their corresponding AD accounts in the primary domain.
  3. Users authenticate once and gain access to all authorized applications.
  4. 2FA is enforced on each log in to enhance security.
  5. Access is logged for auditing and compliance.
Outcome

 Seamless authentication across multiple forests

No password duplication or credential sprawl.

Increased security via MFA and RBAC.

Achieving Seamless Enterprise Authentication

Enterprise cross-forest authentication: Thinfinity enables SSO, MFA, RBAC with Azure Entra ID, Okta, secure access, and audit logging.

Use Case 2: MSP-Hosted applications with customer-managed authentication

Scenario: Multi-Tenant MSP with Customer-Managed IDPs

A Managed Service Provider (MSP) offers hosted applications to multiple customers. Each customer:

  • Manages their own Azure Entra ID or Okta authentication.
  • Requires Single Sign-On (SSO) to access MSP-managed applications.
  • Has users in different Active Directory (AD) domains and requires seamless cross-forest authentication.

Challenges faced by the MSP

1. Multi-Tenant Identity Management
  • Customers do not want to provision separate credentials for the MSP’s environment.
  • The MSP must support authentication via each customer’s existing IDP (Azure Entra ID, Okta, etc.).
2. Secure Access Without VPN or Direct AD Trusts
  • VPN tunnels or Active Directory trust relationships with the MSP.
  • Traditional cross-domain authentication methods increase complexity and security risks.
3. Single Sign-On (SSO) to Hosted Applications
  • Users should authenticate once via their own Entra ID or Okta accounts.
  • They should get automatic access to applications hosted in the MSP’s data center or cloud.

Thinfinity’s solution: Global account mapping for MSPs

Thinfinity enables secure cross-forest authentication and SSO between:

Customer-Managed Identity Providers (Azure Entra ID, Okta, PingID, etc.)

MSP-Hosted Applications

Using Global Account Mapping, Thinfinity:

  1. Authenticates users via their customer-managed IDP (Azure Entra ID, Okta, etc.)
  2. Maps the authenticated identity to a corresponding Thinfinity account in the MSP’s domain.
  3. Grants access to MSP-hosted applications via SSO, enforcing Role-Based Access Control (RBAC).

How it works

  1. User logs into Thinfinity using their existing IDP (Azure Entra ID or Okta).
  2. Thinfinity validates authentication via SAML or OAuth 2.0.
  3. Global Account Mapping links the external IDP user to an internal account in the MSP’s environment.
  4. Thinfinity grants SSO access to the MSP’s hosted applications.

Outcome & business impact

Customers authenticate using their existing credentials—no need to manage extra accounts.

 Seamless Single Sign-On (SSO) to MSP-hosted applications.

 No VPNs or direct AD trust relationships required, reducing security risks.

 Full Role-Based Access Control (RBAC) ensures users access only authorized applications.

Thinfinity’s Global Account Mapping Process

MSP cross-forest authentication: Thinfinity enables SSO, MFA, RBAC with Azure Entra ID, Okta, secure access to MSP-hosted applications

Why Thinfinity is the ideal solution for MSPs

  • Multi-Tenant Ready: Supports customer-managed authentication while centralizing access to hosted apps.
  • Cloud-First Security: Enables Zero Trust authentication across multiple identity providers.
  • Seamless Cross-Forest Authentication: Bridges customer IDPs with MSP-hosted environments.
  • Looking to enable secure SSO for MSP-hosted applications? Thinfinity’s Global Account Mapping provides the best solution for multi-tenant authentication.
 
 

Conclusion

Thinfinity’s Global Account Mapping for Cross-Forest Authentication provides enterprises with a secure, scalable, and seamless solution for managing authentication across Active Directory forests and external identity providers.

By integrating Azure Entra ID, Okta, and other IDPs, Thinfinity eliminates the complexities of cross-domain authentication while enforcing Zero Trust security and Multi-Factor Authentication.

With Thinfinity, enterprises can modernize their authentication strategy, ensuring users can securely access resources across all domains, clouds, and hybrid environments.

Key takeaways:

Supports Cross-Forest Authentication without VPNs

Seamless Integration with External IDPs (Azure Entra ID, Okta, DUO, etc.)

Role-Based Access Control (RBAC) & MFA for Security

Zero Trust & Secure Web Access Model

Improves IT Efficiency by Eliminating Credential Duplication

 

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Nord Security 推出 NordStellar 全新的企業威脅管理平台

領先的網絡安全公司 Nord Security 宣佈推出 NordStellar,是一款全新的威脅暴露管理平台(Threat Exposure Management Platform)。

由市場領先的 VPN 解決方案 NordVPN 的開發團隊設計,這款企業級網絡威脅暴露管理平台可幫助企業檢測並應對網絡威脅、保護數據存取、保障帳戶安全、防範詐騙,並降低勒索軟件攻擊的風險。

NordStellar 產品負責人 Vakaris Noreika 表示:「企業通常在數據外洩後才發現問題。此外,監控外部網絡威脅需要投入大量時間和人力資源。NordStellar 讓企業能縮短數據外洩的檢測時間,利用自動化監控節省資源,並降低企業面臨的風險。」

企業遭受網絡攻擊的威脅日益加劇

針對企業的網絡攻擊數量正以驚人的速度增長。根據最新統計,勒索軟件攻擊激增,目前已佔所有資料洩露事件的近四分之一。2023 年,針對身份的攻擊次數增長了 71%。此外,網絡犯罪分子如今經常濫用有效帳戶,這類事件已佔所有事故的 30%。

Noreika 強調,黑客如今不需要尋找複雜的方法來入侵系統,他們只需搜索可能已經在暗網上流通的憑證即可。這種風險正是 NordStellar 能有效緩解的。

NordStellar 如何為企業提供效益

NordStellar 為員工、品牌和企業安全提供全面的保護與暗網監控。它通過降低勒索軟件風險、防止帳戶被盜用、識別惡意軟件暴露、檢測受損憑證以及保護員工免受身份盜竊的威脅,提升企業抵禦網絡攻擊的能力。

「這一新平台使安全團隊能夠在網絡威脅針對企業前採取行動。這種多層次的方法可以迅速識別和減輕內部及外部威脅,從而增強企業的整體網絡安全水平。」Noreika 表示。

 

關於 NordStellar

NordStellar 是一款威脅暴露管理平台,讓企業能在威脅升級前檢測並應對網絡威脅。作為平台和API 提供,NordStellar可洞察威脅行為者的活動及其對受損數據的處置方式。NordStellar 由Nord Security 設計,該公司以其全球知名的數碼私隱工具 NordVPN 而聞名。

關於Version 2

Version 2 Digital 是立足亞洲的增值代理商及IT開發者。公司在網絡安全、雲端、數據保護、終端設備、基礎設施、系統監控、存儲、網絡管理、商業生產力和通信產品等各個領域代理發展各種 IT 產品。透過公司龐大的網絡、通路、銷售點、分銷商及合作夥伴,Version 2 提供廣被市場讚賞的產品及服務。Version 2 的銷售網絡包括台灣、香港、澳門、中國大陸、新加坡、馬來西亞等各亞太地區,客戶來自各行各業,包括全球 1000 大跨國企業、上市公司、公用事業、醫療、金融、教育機構、政府部門、無數成功的中小企及來自亞洲各城市的消費市場客戶。

Inside a hackers’ playbook for 2025: What to watch for

 

Summary: We spoke with Mary D’Angelo about how “moving left of the boom” in the cyber kill chain can help your business stay secure.

Why can unskilled cybercriminals now run sophisticated attacks? Will cybercriminals outpace us in an AI arms race? And what is the next big thing in cybersecurity in 2025?

We asked Mary D’Angelo, a threat intelligence and dark web expert, for her insights on emerging cyber threats and how businesses can prepare to protect themselves.

The interview’s highlights

  • AI and cybersecurity in 2025: 2025 is definitely going to be an AI arms race, with cybercriminals versus us.
  • Key industries under attack: Financial, healthcare, and manufacturing will still be the hardest-hit sectors.
  • The kill chain, cybercriminal tactics: Cybercriminals often follow the cyber kill chain, starting with gathering intel and ending with data exfiltration.
  • Moving “left of boom” with threat intelligence: Threat intelligence lets you disrupt attacks during the reconnaissance phase before they escalate.
  • The importance of proactive defense: No business is too small to be attacked, so businesses should make it more difficult for cybercriminals.

Cyber threats in 2025

Key insight #1: 2025 is going to be an AI arms race, with cybercriminals vs. us

NordLayer: As we closed 2024, what was the most common cyber threat?

Mary D’Angelo: The most common threat has been ransomware and other financially motivated attacks, a trend that is likely to continue in 2025. These attacks will become even more common because of the lower barrier to entry. Now, even relatively unskilled hackers can access different tools, like AI and malware, to run sophisticated attacks.

An example of this is the Lockbit source code leak that happened early in 2024. Many cybercriminals gained access to it, made minor tweaks to the code, and then deployed it onto their victims’ networks.

NordLayer: Gartner predicts that 25% of breaches will involve AI by 2028. What are the emerging threats in 2025 we should brace for, in your opinion?

Mary D’Angelo: I saw that stat, too, and I thought it was a really, really low number. From the research that I’ve done and the attacks that I’ve seen, most already include some level of AI. So by 2028, I think most attacks, not just 25%, will be using AI. 2025 is definitely going to be an AI arms race, with cybercriminals versus us.

Deepfakes will definitely be a huge one. Fake videos will be mostly used for social engineering tactics, and even phishing attempts will be automated by AI. For example, the content of phishing emails will seem much more authentic.

Another thing is AI-powered malware. It’s very sophisticated and can evolve based on the environment it’s in, making it harder to detect and neutralize.

There are also AI-poisoning tactics. As the name suggests, these involve manipulating AI models in security systems so that they produce incorrect results in cybersecurity operations. It’s a bit like the cat-and-mouse game, really.

 

NordLayer: These AI threats mean companies need to be more proactive. With cybercrime expected to cost $13.82 trillion by 2028, which industries will be hit hardest next year?

Mary D’Angelo: I think it’s the same as in 2024, so financial, healthcare, and manufacturing. Financial because it’s the most lucrative. Healthcare is often low-hanging fruit. Threat actors know it is stretched thin without the budget and resources to adopt better tools. However, healthcare has incredibly valuable data, which will always be a target. Manufacturing is at risk, too, mostly due to shadow IT and legacy systems. The infrastructure is often outdated, making it easier for threat actors to exploit.

However, there are attackers with a moral code. Some won’t target hospitals because of the ethics behind it. But they’ll justify attacking banks and large financial organizations. So, the financial sector will always be a top target.

Key insight #2: Bad actors typically use the cyber kill chain approach to carry out attacks

NordLayer: How do cybercriminals typically plan their attacks?

Mary D’Angelo: When you say cybercriminals plan their attacks, I think that gives them too much credit. They’re usually financially motivated, opportunistic, and sporadic. They’ll do research on who they want to target, but it’s not incredibly thorough because they look for the easiest prey and easy money.

NordLayer: And what tactics do cybercriminals use?

For their reconnaissance, they’ll go into the dark web, where many initial access brokers sell credentials at a decent price. But they follow what is called the cyber kill chain. It’s like the steps a threat actor takes to achieve their objective. The kill chain is basically six or seven stages, but it always starts with gathering intel. Then you have weaponization, where you develop the weapon you plan to use. Then, you have your command and control stage. Finally, data exfiltration or the attack.

NordLayer: The cyber kill chain is the hackers’ playbook, right?

Mary D’Angelo: Yes, the MITRE ATT&CK framework does a great job of defining the tactics a threat actor uses when trying to exfiltrate data from a network. Cybercriminals often don’t deviate from their playbook because it works. As the saying goes, if it ain’t broke, don’t fix it. They’ll try new approaches only when access is taken away from them, forcing them to start over.

It’s unfortunate, but organizations often fall behind because they lack the resources to implement better detection and response tools. Smaller organizations, including hospitals, don’t have those resources and hence are more vulnerable.

NordLayer: Given the threats and hacker tactics we’ve just discussed, what are the top 5 challenges businesses face this year?

Mary D’Angelo: Patching, technical debt, and legacy systems will be big challenges. Cloud security is still in its infancy for many organizations, so we’ll need to work on it collectively. Exposed and misconfigured vulnerabilities within systems also need attention.

Threat-specific responses

Key insight #3: “Moving left of boom” lets you stop attacks before they start.

NordLayer: How can threat intelligence solutions and security solutions work together to prevent cyber threats?

Mary D’Angelo: When it comes to threat intelligence, there are three buckets: tactical, operational, and strategic. If these three work alongside security operations, they can help you be more defensive rather than constantly reacting at the last minute. This way, you’re not always on the edge of your seat when threats or attacks come in.

Tactical threat intelligence helps security operations by providing background on indicators of compromise and ongoing threats. Strategic threat intelligence is about planning for the year. Executives will identify the ransomware groups more likely to target their organization and their tactics, then build a defense plan for the year to stay strong against them. Operational intelligence is about the day-to-day, ensuring your business has the right intel to respond effectively.

Most security tools don’t alert you until stages two or three of the kill chain. The advantage of dark web intelligence and threat intelligence is that you can be alerted at the very first stage—during the reconnaissance phase. This is when threat actors are doing their research to identify their next victim and how they plan to attack. By catching the threat early, you disrupt the cybercriminal, forcing them to start over with someone else.

That’s why threat intelligence is a powerful tool for organizations if done correctly and made actionable.

NordLayer: Threat intelligence has the power to break this cyber kill chain. How does it work?

Mary D’Angelo: Organizations often track their key criminal groups through strategic threat intelligence. For example, if I were in healthcare, I’d focus on the threat actors targeting the healthcare industry and understand their tactics and techniques. Once I identify these groups, I can set up systems to detect their activity.

A good analyst tracking the right dark web forums and marketplaces might come across an initial access broker selling credentials for a hospital. These brokers are very sneaky—they don’t directly name the hospital but mention the industry and the company’s revenue size. But if you’re sharp, you can identify the target hospital.

Once you know the attack is targeting you, you’re ahead of the game. The broker sells privileged access to the hospital, which could lead to a breach. By spotting this early, you can take action to mitigate the threat.

We always say “move left of boom,” a military term. It’s about getting as far left on the kill chain as possible. Instead of being alerted at stage three, when you’re panicking, you can act early and prevent the attack before it escalates.

NordLayer: So moving to the left of the kill chain also means always upgrading your security?

Mary D’Angelo: Yes, absolutely. Stressing that no business is too small to be attacked is never enough. So gear up for it and make it more difficult for cybercriminals.

NordLayer: Thank you very much for your insights.

Mary D’Angelo is a Cyber Threat Intelligence Solutions Lead at Filigran, where she focuses on democratizing threat intelligence. She started her career at Darktrace before joining Searchlight in 2021.

Outside of work, Mary is dedicated to supporting child safety initiatives through the Innocent Lives Foundation. She’s passionate about sharing her knowledge and continuing to learn as the cybersecurity field evolves.

How can NordLayer help?

Cybersecurity can feel overwhelming, but it starts with building awareness of safe digital practices. From there, focus on easy-to-deploy tools or partner with an MSP or MSSP to protect against opportunistic attacks.

NordLayer is a toggle-ready platform that offers comprehensive security to protect your business. Our solutions include:

We also recommend multi-layered Zero Trust Network Access (ZTNA) policies for stronger network protection. Need help? Our sales team is always ready to guide you every step of the way.

Monitoring the dark web is crucial for staying ahead of threats. This is where NordStellar comes in. It tackles vulnerabilities during the reconnaissance phase of the cyber kill chain.

The platform automates key security tasks, such as:

  • Dark web monitoring to track company-related risks
  • Leaked data management to protect employees and customers
  • Attack surface assessments to identify and mitigate potential weaknesses.

Together, NordLayer and NordStellar provide a proactive, multi-layered defense to protect your business.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

為什麼超過 250,000 家企業選擇 JumpCloud?

How KPIs Help Us Monitor and Optimize Business Performance

Any IT strategist must keep in mind the business goal, so that their technology initiatives are aimed at delivering, rather than services and infrastructure, the added value of reliability and optimal performance that makes them achieve business goals and be more competitive. Read on to understand what KPIs are and how they help us with proper business management.

 

Definition of KPIs

According to Techopedia, un KPI (Key performance indicators) can be anything that an organization identifies as an important factor for the business. Under the principle that “if something is not measured, it is not improved”, a KPI measures results and, from there, if something deserves your attention, take actions to correct, improve and optimize. If your company is in retail, a KPI can be delivery times; in other companies, the sales close rate can be an extremely important KPI.
This means that even though KPI is a business-oriented term, IT strategists need to know what they are and what they are used for in business intelligence.

Examples of KPIs

Importance of KPIs in Business Management

KPIs help us measure progress, identify potential problems, and make decisions. To that end, KPIs must be defined according to a business management framework, with these features:

  • Be quantitatively and qualitatively measurable.
  • Have a goal related to the business.
  • Identify and solve variables in the organization.

To define IT KPIs, first you must understand business goals to align them with the business; then you may define business and type KPIs (financial, operational, sales, IT, etc.). With this, KPIs are written and monitored in real time and periodically.

How tools like Pandora FMS transform real-time KPI monitoring

Being able to measure the business with indicators ensures visibility on business performance, seeking to achieve objectives to be met and even exceeded. With Pandora FMS, it is possible to define custom dashboards with graphs and summaries, for monitoring KPIs in real time.

Example: User Experience (UX) Monitoring

Information centralization allows you to get the same display, streamlining communication and collaboration in your IT team. We invite you to learn about a success story in logistics by applying KPIs, by clicking on this link.

What are KPIs?

Understanding what KPIs are allows you to define them and know how to interpret them for the success of a functional area of the organization and their contribution to the overall success of the organization.

Concept of KPIs as measurable indicators

KPIs are the measures that have been selected to have visibility on organizational performance and are the basis for decision-making aimed at obtaining the expected results. KPIs are monitored and presented on dashboards to understand progress or alerts on an implemented strategy.

Difference between KPIs and general metrics

Even though KPIs and metrics measure performance, there are differences in their concept: KPIs are quantifiable measures to measure performance or progress on key goals for the organization and work as measurable benchmarks for long-term objectives. While metrics are quantifiable measures, they are used for specific business processes at operational level and in the short term.

Relationship between KPIs and the control panels offered by Pandora FMS

In Pandora FMS, from a single platform, you may have graphical interfaces that show KPIs in a visual, intuitive and organized way. You may display real-time data, analyze trends, make informed decisions, and take timely action. Each dashboard may be customized with charts, tables, and other visuals that represent KPIs. That allows KPIs to provide the essential metrics, while dashboards are an accessible and understandable way to visualize and analyze those metrics.

Pandora FMS Dashboard

Types of most common KPIs

One thing we recommend is to consider the best practices of each industry, as they help you identify the possible KPIs applicable to your organization, based on available data and constant monitoring. Some of the most common KPIs are:

  • Financial:
    • In sales, customer acquisition cost (CAC) measures the total cost of acquiring a new customer, including all expenses related to marketing and sales initiatives.
    • The profit margin is used to measure the amount of profit a company makes for each weight earned. This KPI reveals the amount of profit a business may retrieve from its total sales.
    • Cash flow evaluates the company’s ability to generate liquidity, which in turn reflects that it can pay the debts closest to expiration and also allows it to have a sufficient cash margin for possible defaults.
  • Operations:
    • The supply cycle time evaluates the average time from the generation of a purchase order to product reception.
    • Inventory turnover rate measures the number of times inventory is renewed in a defined period.
  • From IT:
    • Network uptime refers to the amount of time an IT infrastructure is operational and accessible. It is one of the most critical for IT management, as it has a direct impact on business productivity and efficiency.
    • Response time is what it takes for an IT team to respond to an incident, from the moment it is reported until it is identified and solved.

How Pandora FMS allows you to configure alerts and see these KPIs in a single dashboard

Pandora FMS platform is conceived to be able to configure alerts and display KPIs in the same dashboard efficiently and intuitively. To do so, the following steps should be followed:

    • alertswill be triggered. This may include incorrect values of a module, specific events, or

SNMP

    • .
    • Choose actions: Configures the actions that will be performed when an alert is triggered, such as sending an email, running a script, or logging an event.
    • Create commands: Defines the commands that will be run on Pandora FMS server when alerts are triggered. You may use macros to customize the parameters of these commands.
    • Assign groups: Define which commands are assigned to specific alert groups.

Once done, widgets (which are GUI elements, graphical user interface, or a small application that can display information and/or interact with the user) are added to the dashboard to display the KPIs you wish to monitor. You may include charts, tables, and other visuals. After adding them, widgets are customized to display the specific data you need, adjusting formatting, time intervals, and other parameters. Also, the dashboard is configured to be updated in real time, allowing KPI remote and continuous monitoring.

How to select the right KPIs

For KPIs to be effective, those that are truly aligned with the organization’s objectives must be appropriately selected. For that, implement KPIs that follow the same line as the company’s goals and strategic objectives.
As we said before, KPIs must add value to the organization, so it is important to know the strategic objectives and goals of your company (or the objectives of a strategic project) in order to define which KPIs make sense, since they must reflect progress towards that goal and its objectives. For example, if you have a manufacturing and distribution company, you should consider the KPIs we mentioned before, such as supply cycle time, inventory turnover rate, as well as production efficiency (percentage of productive time on the production line), total operating costs, delivery fulfillment, among others.

Practical example: selecting KPIs in a managed environment with Pandora FMS

The company Conferma, a provider of virtual payment technology in 193 countries, gives us an example of a selection of KPIs managed with Pandora FMS. For this company, the Confirmation Liquidation Platform (PLC) is fundamental, since it is the engine of reconciliation and liquidation. Monitoring was inefficient and time-consuming, considering multiple database servers, firewalls, load stabilizers, hardware security modules, virtual platforms, and web servers. Real-time display of data and processes was also required. By implementing Pandora FMS, it was possible to have tailor-made software and key database information to define the KPIs and dashboard to inform employees about the current performance metrics of the Conferma business platform, in addition to real-time automation of key performance statistics.

Tools to monitor and analyze KPIs

In management indicator monitoring, business intelligence and artificial intelligence turn out to be powerful tools to streamline the display and analysis of KPI performance, in addition to being able to automate corrective and even preventive tasks, which in sum makes the work of the IT team more efficient and quicker.

Importance of automation and display in KPI management

When leveraging automation for KPI management, data collection and analysis saves valuable time and avoids human error, and real-time insights are always critical in the up-to-date performance view. Automation also contributes to consistency through standardized and clear processes for everyone.
As for display, charts and dashboards are intuitive and clear knowledge material for everyone. Collaboration and communication are streamlined when we all have the same version of what is happening, allowing us to work in a more synchronized and effective way; and, of course, decision-making is done in a timely manner and is based on consistent and reliable information.

Pandora FMS-specific features

Pandora FMS has the capabilities to support your team in real-time display and monitoring of KPIs, such as:

  • Custom dashboard setup is a Pandora FMS feature that allows each user to build their own monitoring page. You may add more than one page, and in there you may add monitoring maps, graphs and status summaries, among other elements.
  • Remote and real-time monitoring, from the same platform, provides a detailed and updated real-time inventory of servers, network hardware, installed software packages, users, routers, etc. In addition, it offers real-time graphics for troubleshooting and performance monitoring. Also, APIs and remote monitoring are of great value for analyzing the state of the infrastructure and networks for a better response from your team.
  • Custom and detailed report generation to evaluate performance, and even from different areas, such as support, time management and projects. Custom reports can also be created with SQL queries. In addition, reports may be presented in different formats, such as HTML or PDF, and then automatically emailed to your customers.

Example of Pandora FMS report on SLA

Practical example of KPIs and their impact

To be clear about the impact of adopting KPIs, what better than a case study of implementing KPIs in a company that uses Pandora FMS:
At Salvesen Logística, logistics operator for food manufacturers and distributors. A tool was required that not only measured technical indicators such as performance, CPU, memory, etc., but also intelligence based on User Experience and business indicators. A probe programmed to simulate user behavior was implemented and every few minutes transactions are made on probes scheduled to emulate user behavior, at the same time transactions are made on the main global IT services for Salvesen customers. This comprehensive monitoring of key KPIs (such as order management, receptions, dispatches) allows you to maintain the expected service levels, in addition to being able to anticipate possible problems before they take place.

Obtained results: Reduced response times and improved SLAs. With Pandora FMS, transactional monitoring of the business has been implemented, reproducing the full cycle through which a message goes by, from when it leaves the customer, until it reaches our mailbox (Office 365, EDI, AS2, FTP, etc.). Pandora FMS has also been integrated with Salvesen’s WMS (Warehouse Management Service) and TMS (Transport Management System) platforms.

The main benefits have been:

  • Early alarms and proactivity management: detection of all service levels before it affects operations, allowing early reaction to tackle the issue, along with an automatic communication system with the employees or customers using template-based alarms (via email or SMS).
  • SLA management for comprehensive quality control of Salvesen Global IT Services. An executive report may be created for the management committee and senior management of the company. Also, SLA management allows you to have the information to be able to negotiate a contract renewal with a supplier.
  • Reduction of the operational load, saving 24% in the operational load of the IT area that previously had to do specific health checks, being able to focus on improvements in products and services for customers.

Conclusion

Business areas are clear about their initiatives and will be influencing decisions about IT initiatives that are aligned with the organization’s goal. You and your team must clearly define the IT KPIs that add value to the company, relying on tools with real-time information and in an intuitive way, in addition to taking advantage of business intelligence capabilities and automation that ensure the timely response of your team.
We invite you to rely on Pandora FMS to optimize monitoring, analysis and decision-making based on KPIs, by:

  • Automatic data collection from multiple sources, such as servers, applications and networks.
  • Alert and notification management, configuring automatic alerts to receive notifications in real time when problems or significant changes in KPIs are detected.
  • APIs to integrate business processes and automate configuration, notification and process management.

Reach out to our team of consultants to help you define KPIs and intuitive dashboard you and your team require.

 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×