For a truly complete solution, most organizations need a way to govern employee and business partner access to resources at enterprise scale. Azure AD entitlement management removes barriers to internal and external collaboration by automating employee and partner access requests, approvals, auditing, and review for Office 365, thousands of popular SaaS apps like Workday, Google Apps, and Salesforce.com, and any line-of-business app.
With the rapid adoption of SaaS apps and cloud services by business units, many central IT teams don’t know which users should have which access rights. They must delegate management of access approvals and review, for example by having someone in the sales department determine what access rights employees on the sales team need, while maintaining strong compliance and security policies.
For example, if the Contoso sales division needs to enable more employees to work on sales support, they can create a “Sales support” access package, which includes the relevant memberships in Office 365 and Azure AD security groups, Microsoft Teams, role assignments in SaaS apps such as Salesforce, roles in their own apps, and access to SharePoint Online sites. They can configure policies that specify who can request this access package, who must approve the request, and how long users who request it will have access to these specific resources.
When an employee requests an access package and their request is approved, the employee is automatically provisioned access to the groups, apps, and other resources in the access package. Based on feedback from customers during the preview, we added more options for workflow—such as having the user's manager as the approver—and will continue to expand the workflow choices for scenarios such as multi-stage approval.
Azure AD entitlement management works with Azure AD B2B to enable collaboration across business partners. Employees from a business partner can request access to resources using the same access packages and our policy engine, including provisioning their accounts upon approval by a business sponsor. This makes it simple to grant access to a specified set of resources for your business partners while knowing your processes are compliant and secure.
Regardless of how a user got access, their access rights are automatically removed when the access package assignment expires, so you don’t need to remember to remove it manually when a project is done.
Here’s what one customer had to say about the feature:
"This solution proves valuable both to our IT teams and all the users who are trying to collaborate. The solution is easy, quick, and agile, all while requiring minimal involvement from our IT team and being properly (if not better) controlled." —James Simms, Senior Solutions Architect for Centrica
Entitlement management is an Azure AD Premium P2 feature, part of Enterprise Mobility + Security (EMS) E5.
To learn more, watch these recordings from Ignite:
Please let us know what you think in the comments below. We look forward to hearing from you!
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division