Identity and context synchronization The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process. In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control. Access request and lifecycle events User access request and approval is at the core of any identity management and governance solution. The integration of SailPoint with Azure AD adds support for self service access requests and approvals. Additionally the integration propogates access changes based on employee lifecycle events like join, move, or leave across all applications (cloud or on-premises) to ensure that access is granted according to business policy. In both cases, the SailPoint-Microsoft combination enables end-to-end coverage of all provisioning events with full synchronization of access changes to the Microsoft Access Panel. Identity governance – certification, segregation of duty policies, and more A key component of strong identity governance is the ability to review access on a regular basis. The integration provides a simple and effective way to automate the entire access certification process. SailPoint's access certifications combine data collected from the identity and context synchronization process described above with account and entitlement data from all application sources to create a single view of all access. After that, a fully automated access review process can be initiated to business and IT owners. Changes to access that resulted from the access review process are automatically propagated to the Azure AD Access Panel. Another important governance control is the ability to enforce SOD policies throughout a user's lifecycle with an organization. SOD policies can be defined and enforced by SailPoint during access reviews or access request processes to provide an additional level of policy control. SailPoint also delivers audit and compliance reporting that demonstrates the effectiveness of the identity controls operating across the organization. This significantly reduces the burden on IT operations teams and improves visibility for the business. Self-service password reset extension In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case – the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems. We're excited to bring this partnership to you and want to hear your feedback. Leave your comments below and reach out to us via Twitter! As always, we're listening. Best regards, Alex Simons (Twitter: @Alex_A_Simons ) Director of Program Management Microsoft Identity Division
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.