Solutions for Azure (O365)
Azure Active Directory (AAD) provides identity services for Microsoft’s cloud products. It's widely adopted in organizations since it’s an integral part of the popular Office 365 (O365) platform. Additionally, it provides IdP functionality via its support for SAML, oAuth 2 and OIDC. Identity services for the Azure Cloud platform are also provided by AAD.
Some customers utilize AAD by using the Active Directory synch functionality that is supplied by Microsoft while others opt to manage it as a separate service. For organizations that manage AAD or O365 directly, they need to manage access and related licenses.
Organizations that are utilizing the Azure Cloud platform need to manage access over the platform services. OpenIAM provides a comprehensive solution to each of scenarios described above.
OpenIAM’s Workforce Identity and Access Governance platform includes a comprehensive solution for each of the scenarios described above. The AAD connector leverages PowerShell and in conjunction with the rest of OpenIAM’s capabilities provides the functionalities described below.
User onboarding and offboarding
OpenIAM can manage the joiner, mover, leaver (JML) process so that accounts are created and terminated on time. In the context of O365, OpenIAM manages access to various services and provides control over the assignment of licenses.
Manage cloud entitlements
The AAD platform provides many services, and each has its own set of entitlements. OpenIAM provides:
- A complete view of the access that each user has across the Azure platform including privileged access
- The ability to detect and remediate SoD violations
- Functionality to grant/revoke entitlements and have traceability of how access was granted
OpenIAM can be configured to actively maintain a copy of all access that users have on AAD. In this way, OpenIAM is always current with the data needed to initiate the access certification campaign.
Azure AD authentication
OpenIAM can be configured to support AAD authentication. This allows users to log in to OpenIAM using their AD credentials.
SSO from OpenIAM to AAD
Organizations using OpenIAM as the Identity Provider (IdP) can integrate Microsoft services such as O365, Azure Cloud, and SharePoint with OpenIAM to enable single sign-on (SSO).
SSO from AAD to OpenIAM
For organizations that opt to use AAD as an IdP, the OpenIAM self-service and admin portals can be configured as service providers so that authorized users can SSO into OpenIAM.
A single instance of OpenIAM can manage multiple AAD tenants.
Managing identity can be complex. Let OpenIAM simplify how you manage all of your identities from a converged modern platform hosted on-premises or in the cloud.
For 15 years, OpenIAM has been helping mid to large enterprises globally improve security and end user satisfaction while lowering operational costs.