Microsoft has worked closely with its largest customers in highly regulated industries such as healthcare and financial services, helping them to successfully deploy and actively use Azure AD Premium. Through this close partnering, Microsoft has learned that, in order to meet their unique security and compliance requirements, these customers need fairly advanced access governance controls across their on-premises and cloud resources, in addition to the industry-leading identity management and security they get with Azure AD Premium.
Microsoft was thrilled to announce its technical collaboration with SailPoint, a proven leader in identity governance. SailPoint’s identity governance capabilities, combined with Azure AD’s secure access and risk-based identity protection, will help cover the most demanding security and compliance needs of the two companies’ joint customers. The SailPoint integration extends Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud.
Here is how the integration works, through the lens of a few very specific scenarios:
Identity and context synchronization
The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.
In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control.
Access request and lifecycle events
User access request and approval is at the core of any identity management and governance solution. The integration of SailPoint with Azure AD adds support for self-service access requests and approvals. Additionally, the integration propagates access changes based on employee lifecycle events like join, move, or leave across all applications (cloud or on-premises) to ensure that access is granted according to business policy.
In both cases, the SailPoint-Microsoft combination enables end-to-end coverage of all provisioning events with full synchronization of access changes to the Microsoft Access Panel.
Identity governance – certification, segregation of duty policies, and more
One key component of strong identity governance is the ability to review access on a regular basis. The integration provides a simple and effective way to automate the entire access certification process.
SailPoint’s access certifications combine data collected from the identity and context synchronization process described above with account and entitlement data from all application sources to create a single view of all access. After that, a fully automated access review process can be initiated to business and IT owners. Changes to access that resulted from the access review process are automatically propagated to the Azure AD Access Panel.
Another important governance control is the ability to enforce segregation-of-duty (SOD) policies throughout a user’s lifecycle within an organization. SOD policies can be defined and enforced by SailPoint during access reviews or access request processes to provide an additional level of policy control.
SailPoint also delivers audit and compliance reporting that demonstrates the effectiveness of the identity controls operating across the organization. This significantly reduces the burden on IT operations teams and improves visibility for the business.
Self-service password reset extension
In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case – the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems.
For more information call MessageOps at 877-788-1617 or email email@example.com