Companies working in highly-regulated industries, including financial services, healthcare and retail, face challenges with meeting unique security demands and compliance requirements. Enterprises want to streamline IT processes, and they need to govern security and access across today’s hybrid IT environment to enable business growth.
A technical collaboration between SailPoint and Microsoft Azure Active Directory Premium offers customers convenient, streamlined delivery of identity access management and identity governance controls across all platforms and applications, on-premises and in the cloud.
SailPoint extends value to customers by providing identity governance capabilities – including access certifications, access requests, separation-of-duty policy, role management and audit reporting – on top of the risk-based identity and access management protection services delivered through Azure Active Directory.
The SailPoint integration extends Azure Active Directory to provide full, fine-grained provisioning across enterprise systems on-premises and in the cloud. This ensures access is granted and maintained according to established business policy, and delivered securely across all applications and to each user within the organization.
Alex Simons, the Microsoft Corp. Identity Division Director of Program Management, explained how the integration works through the lens of a few specific scenarios in a Feb. 10, 2017, post for Microsoft’s Enterprise Mobility and Security Blog, which is reprinted below and used with permission from Microsoft.
Identity and context synchronization
The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.
In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control.
Access request and lifecycle events
User access request and approval is at the core of any identity management and governance solution. The integration of SailPoint with Azure AD adds support for self-service access requests and approvals. Additionally, the integration propagates access changes based on employee lifecycle events like join, move, or leave across all applications (cloud or on-premises) to ensure that access is granted according to business policy.
In both cases, the SailPoint-Microsoft combination enables end-to-end coverage of all provisioning events with full synchronization of access changes to the Microsoft Access Panel.
Identity Governance: certification, SoD policies, and more
A key component of strong identity governance is the ability to review access on a regular basis. The integration provides a simple and effective way to automate the entire access certification process.
SailPoint’s access certifications combine data collected from the identity and context synchronization process described above with account and entitlement data from all application sources to create a single view of all access. After that, a fully automated access review process can be routed to business and IT owners. Changes to access that result from the access review process are automatically propagated to the Azure AD Access Panel.
Another important governance control is the ability to enforce SoD policies throughout a user’s lifecycle within an organization. SoD policies can be defined and enforced by SailPoint during access reviews or access request processes to provide an additional level of policy control.
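The two ways an SoD policy is applied above, preventively on an access request and detectively during an access review, sketched as an added Python example (not SailPoint or Microsoft code); the policy names, entitlement identifiers and identities are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

@dataclass(frozen=True)
class SoDPolicy:
    """Two sets of entitlements that one identity must not hold together."""
    name: str
    left: FrozenSet[str]
    right: FrozenSet[str]

    def violated_by(self, entitlements: Iterable[str]) -> bool:
        held = set(entitlements)
        return bool(self.left & held) and bool(self.right & held)

# Constructed sample policies; names and entitlement identifiers are hypothetical.
POLICIES = [
    SoDPolicy("AP-01: invoice entry vs payment approval",
              frozenset({"AP_CreateInvoice"}), frozenset({"AP_ApprovePayment"})),
    SoDPolicy("IAM-03: request access vs approve access",
              frozenset({"IAM_RequestAccess"}),
              frozenset({"IAM_ApproveAccess", "IAM_AdminGrant"})),
]

def detect_violations(entitlements: Iterable[str], policies=POLICIES) -> List[str]:
    """Detective control: every policy the given entitlement set already violates."""
    held = set(entitlements)
    return [p.name for p in policies if p.violated_by(held)]

def evaluate_request(current: Iterable[str], requested: str, policies=POLICIES) -> List[str]:
    """Preventive control for an access request: only the violations the grant would
    newly introduce, so pre-existing conflicts are left for the access review to catch."""
    before = set(detect_violations(current, policies))
    after = detect_violations(set(current) | {requested}, policies)
    return [name for name in after if name not in before]

def review_population(identities: Dict[str, Iterable[str]], policies=POLICIES) -> Dict[str, List[str]]:
    """Certification-style sweep: identities holding at least one toxic combination."""
    findings = {user: detect_violations(ents, policies) for user, ents in identities.items()}
    return {user: names for user, names in findings.items() if names}

# Constructed identity-to-entitlement mapping, as a connector aggregation might produce.
IDENTITIES = {
    "alice": {"AP_CreateInvoice", "GL_ViewReports"},
    "bob": {"IAM_RequestAccess", "IAM_ApproveAccess"},
    "carol": {"GL_ViewReports"},
}

if __name__ == "__main__":
    print(evaluate_request(IDENTITIES["alice"], "AP_ApprovePayment"))  # blocked by AP-01
    print(review_population(IDENTITIES))  # bob flagged by IAM-03
```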
SailPoint also delivers audit and compliance reporting that demonstrates the effectiveness of the identity controls operating across the organization. This significantly reduces the burden on IT operations teams and improves visibility for the business.
Self-service password reset extension
In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case – the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems.