Wisc Account Administration - Auditing permissions

For Wisc Account Administration (https://email.wisc.edu/admin).... need a way for domain administrators to audit who has access to accounts within a domain. Currently the longer the list of accounts in a domain, the more time it takes to locate who has access to particular accounts, whether for troubleshooting or for identity management (on/off-boarding). Additionally, it makes it difficult to delegate work as changes depend on someone going through account by account to check permissions and make. And, permissions are scattered across a number of panels, making it easy to miss an account or a permission, especially if someone interrupts while doing this. Ultimately this leads to security issues because:

1. It's too inefficient to check regularly.
2. Staff who have left get left on accounts
3. Staff get added by someone else (like the help desk), and then the person who is checking doesn't think to check particular accounts as they didn't add anyone themselves
4. There's no efficient way to look for errors

Permissions include:

1. Linked Accounts
2. Authorized Admins
3. Office 365 Permissions
4. Office 365 Calendar Permissions
5. etc.

So, it may take 20ish clicks or more to check ONE account when one person leaves, multiplied by X accounts.

Ideally this would also be coupled with the ability to make bulk updates to permissions. Integrated Manifest capability?