Hello! In today’s “Voice of the Partner” blog, Prakash Narayanamoorthy, Principal Microsoft Security Architect for Wipro, explains how his company transformed their identity and access management (IAM) offer while delivering an elevated level of governance and secure access across external identities. Prakash and his team streamlined external access and strengthened security for their customers—all with a new unified Microsoft solution: Azure Active Directory External Identities.
Wipro Limited is a leading global information technology, consulting, and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics, and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability, and good corporate citizenship, we have over 180,000 dedicated employees serving clients across six continents. With a staff of more than 8,000 security professionals, Wipro has been helping global customers transform their identity and access management (IAM) challenges for more than 20 years.
With most of our customers already in, or migrating to, single or multi-cloud environments, we want to enable them to connect securely from anywhere, and on any device. On-premises IAM solutions often aren’t scalable and can’t address the digital-transformation initiatives now embraced by organizations worldwide. We recognized that today’s evolving threat landscape demands a next-gen IAM solution to keep up with business and security requirements—and we wanted to provide that solution powered by Microsoft Identity.
Figure 1: Today’s B2B ecosystem
In my role as Principal Microsoft Security Architect, I own the Azure and Microsoft 365 security and compliance architecture and consulting charter, as well as go-to-market (GTM) strategies. As part of our Microsoft IAM offerings, we provide end-to-end solutions and services for our customers, who often are suffering from complex, inefficient onboarding and access-governance processes. In many cases, clients were leveraging existing IAM solutions with manual intervention. These legacy approaches don’t provide the agility and visibility across external identities that today’s organizations require.
My team was looking for a framework that would quickly adapt the Azure Active Directory (Azure AD) platform for servicing customers’ partner and guest-user identities in one solution. We wanted something that could provide seamless and secure access for our customers’ external users. In seeking to address their pain points—onboarding, access, identity governance, and secure collaboration—we found the perfect solution in Azure AD External Identities.
By leveraging Microsoft Graph APIs to automate Azure AD External Identities functionalities, we’re able to mitigate our customers’ key challenges around user registration and onboarding. Our application onboarding helps to onboard external-facing single sign-on (SSO) apps quickly and seamlessly.
Figure 2: Azure AD External Identities architecture
In our customers’ previous partner-user and guest-user identity ecosystem, there were multiple legacy SSO solutions used to grant access to applications. Some user identities were stored on-premises, posing potential security risks. Onboarding for external users was time consuming due to the complexity and costs of managing multiple disconnected identity systems. By unifying access with Azure AD External Identities, we’ve reduced complexity and increased agility for our customers—providing them with easy onboarding and secure access for all their external identities.
Wipro now provides an end-to-end solution for our customers’ IAM challenges. With Azure AD External Identities, we’re able to make the external application-onboarding process seamless. Even better, customers can allow guest users access to Microsoft Teams, and through Azure AD they can implement strict controls on how teams are named and classified, as well as who can create them, and whether guests can be added as team members—all with improved overall governance and security.
With Azure AD, we’ve seen a plethora of functionalities stand out as clear differentiators. For example: risk-based authorization via Azure AD Conditional Access, passwordless sign-in, self-service features, and easy options for onboarding external identities—along with strong identity governance through complete access packages and easy recertification. We work closely with the Microsoft engineering team, and we always get timely support to help solve our customers’ IAM challenges. As Sheetal Mehta, Sr. Vice President and Group CISO, Wipro Ltd. explains, “Azure AD External Identities helped us to redefine our external users’ lifecycle management and enterprise applications access, providing secure collaboration and compliance.”
With the Azure AD External Identities approach, we’ve simplified and streamlined onboarding processes for our customers’ external users. There’s easy integration with network delivery controllers, meaning on-premises apps are secured against external identities. Having Conditional Access with Azure AD Identity Protection helps minimize risks during sign-in and throughout the entire session. With the one-time password (OTP) sign-in feature, we’ve been able to avoid storing external users’ passwords, which improves security controls. Some benefits our customers have experienced include:
Overall, Azure AD External Identities has enabled Wipro to provide our customers with a seamless, integrated security approach, improving their enterprise security and compliance posture in one solution. Even better, Azure AD External Identities is now free to organizations with at least 50K users.
I hope Wipro’s account of adopting Azure AD External Identities to streamline IAM for their customers provides you with ideas for your organization. To learn more about our customers’ experiences, take a look at the other stories in the “Voice of the Partner” series.