Enterprise organizations around the world rely on Microsoft solutions to run their business. To help organizations keep workers productive and secure, SailPoint integrates with Microsoft Azure Active Directory, providing the intelligence of AI-driven identity governance. This combination streamlines and accelerates the delivery of access to users, spots risky access not visible to the human eye, and recommends whether access should be granted.
This integration extends Microsoft’s risk-based identity and access management protection services by providing automated access certifications, access requests, separation of duty policies, role management and audit reporting.
In addition, IT teams can provision fine-grained user access to apps and systems across a hybrid environment. Access policies and roles help ensure access is appropriate for each individual and prevent over-provisioning and unnecessary security gaps.
“SailPoint brings a pedigree of high customer satisfaction and innovation to the market, and we’re happy to be working with such a leader in the industry,” said Matt Renner, Microsoft President of US Enterprise Commercial. “Together, we will bring to our joint customers the secure cloud platform global enterprises now require to safely drive their businesses forward.”
Here’s how the integration works:
Identity and context synchronization
The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.
In addition, SailPoint provides AI-driven identity governance over all data and over on-premises and cloud applications, including all Microsoft platforms such as Azure, Azure AD, SharePoint, OneDrive, Teams, Office 365, and Outlook. This creates a 360-degree view of all access in the organization and a strong foundation for comprehensive control.
Access request and lifecycle events
SailPoint Predictive Identity™ provides AI recommendations to help respond to access requests, giving users control and freeing your IT team to work on more strategic projects. The integration of SailPoint with Azure AD adds support for intelligent self-service access requests and approvals to any application or corporate resource. Additionally, the integration propagates AI-driven, policy-based access changes triggered by employee lifecycle events like join, move, or leave across all applications (cloud or on-premises) to ensure that access is granted according to business policy. This includes all types of users, such as partners, vendors, non-employees such as contractors, and even bots.
In both cases, the SailPoint-Microsoft combination enables end-to-end coverage of all provisioning events with full synchronization of access changes to the Microsoft Access Panel.
Simplify compliance management
Using SailPoint’s AI-driven identity, you can spot questionable user access and quickly perform automated access reviews and certifications for one to many identities, preventing over-provisioning and entitlements that can lead to risk.
SailPoint’s access certifications combine data collected from the identity and context synchronization process described above with account and entitlement data from all application sources to create a single view of all access. That allows a fully automated access review process to be initiated for business and IT owners. Changes to access that result from the access review process are automatically propagated to the Azure AD Access Panel.
Separation of Duty (SoD) policies enable you to prevent toxic access combinations that can lead to compliance penalties as well as security risk. Defined SoD policies can be enforced during access reviews or access request processes to provide an additional level of policy control.
Automated audit and compliance reporting simplifies the process of demonstrating the effectiveness of the identity controls operating across the organization. This significantly reduces the burden on IT operations teams and improves visibility for the business.
Self-service password reset extension
In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case – the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems.
Seamless transition from Active Directory to Azure Active Directory
Moving from legacy to cloud is not always easy, and the transition from Active Directory to Azure Active Directory is no exception.
While you are in a transition phase or supporting a hybrid model, SailPoint provides full integration between Active Directory and Azure Active Directory to manage users, entitlements, licenses and mailboxes. So if you are managing both systems, with their users, roles and many other objects, you can keep them in sync and smooth the transition to the cloud.
SailPoint gives you a comprehensive view of access to all resources across your multi-cloud infrastructure. From a single dashboard, our AI insights help you make faster, more informed access decisions, detect potential risks and easily enforce access policies for all users.