An example of how you can deploy an Access Package in (Azure AD) Identity Governance!


Hi Azure / Microsoft365 friends,

 

Before we start with the example, let's first clarify the license issue. In order to work with an Access Package in Azure Active Directory (Azure AD) Identity Governance you need Azure AD Premium P2.

 

The following situation comes from a customer project:

In my example, I am working with a group in Azure AD. You can also work with Apps or SharePoint Sites. Imagine that a group named "Bitcoin Traders" needs to be managed. It is about managing the members. Who can decide which users can be a member of this group or not? The IT administrator or the owner of the group? In my example, it is the manager of the Bitcoin Trader team. This person can best decide who can be a member and who cannot. This is where our Access Package comes into play!

 

Let's get started.

 

We start in the Azure Active Directory!


I navigate to the groups.


Under Members we now see the current members.


We go back to Azure AD and click on Identity Governance.


Click on Access packages.


Click on New access package.


Specify a name and description (I am working with the default catalog named "General").


I now select Groups (as explained at the beginning). Check the box so you can see all the groups. Select the appropriate group.


Now we determine the role of the new members. In my case, I select Member.


Next, define which users can submit a request and whether the request needs an approval.


I select a specific person as Approver, since the Azure AD users do not have a manager configured in their profile. The approver must also provide a reason for the approval.


I now select the person (Ed Jones).


You can add an additional question that the applicant must answer (but it is optional).


Define how long this Access Package should be valid (this should be discussed for each company). I do not want an Access Review at this point (I will explain that another time ;-).


Check the overview and click Create.


Now we have the Access Package.
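
The choices made in the steps above (approval required, a specific approver because no manager is set, mandatory approver justification, a validity period, no access review) can be checked on an exported policy. This is an added example, not part of the original article or Microsoft's code; it assumes the policy is available as JSON in the shape of the Microsoft Graph v1.0 accessPackageAssignmentPolicy resource, and the sample policies, user ID and duration are constructed.

```python
# Added example: audit an access package assignment policy (assumed Graph v1.0 JSON shape).
MANAGER = "#microsoft.graph.requestorManager"
SINGLE_USER = "#microsoft.graph.singleUser"

def audit_policy(policy):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    approval = policy.get("requestApprovalSettings") or {}
    stages = approval.get("stages") or []
    if not approval.get("isApprovalRequiredForAdd") or not stages:
        findings.append("no approval required: allowed requestors are added directly")
    for i, stage in enumerate(stages, 1):
        primary = stage.get("primaryApprovers") or []
        fallback = stage.get("fallbackPrimaryApprovers") or []
        if not primary:
            findings.append(f"stage {i}: no approver configured")
        # Manager-as-approver only works when users have a manager in their profile.
        if any(a.get("@odata.type") == MANAGER for a in primary) and not fallback:
            findings.append(f"stage {i}: manager approver without fallback approver")
        if not stage.get("isApproverJustificationRequired"):
            findings.append(f"stage {i}: approver justification not required")
    expiration_type = (policy.get("expiration") or {}).get("type")
    reviews_on = bool((policy.get("reviewSettings") or {}).get("isEnabled"))
    # Without an expiry or a recurring review, group membership is never re-checked.
    if expiration_type in (None, "notSpecified", "noExpiration") and not reviews_on:
        findings.append("assignments never expire and no access review is enabled")
    return findings

# Constructed sample matching the walkthrough (user ID and duration are placeholders).
WALKTHROUGH_POLICY = {
    "requestApprovalSettings": {"isApprovalRequiredForAdd": True, "stages": [{
        "isApproverJustificationRequired": True,
        "primaryApprovers": [{"@odata.type": SINGLE_USER,
                              "userId": "00000000-0000-0000-0000-000000000001"}],
        "fallbackPrimaryApprovers": []}]},
    "expiration": {"type": "afterDuration", "duration": "P365D"},
    "reviewSettings": {"isEnabled": False},
}
# Constructed sample with weaker settings, for comparison.
WEAK_POLICY = {
    "requestApprovalSettings": {"isApprovalRequiredForAdd": True, "stages": [{
        "isApproverJustificationRequired": False,
        "primaryApprovers": [{"@odata.type": MANAGER, "managerLevel": 1}],
        "fallbackPrimaryApprovers": []}]},
    "expiration": {"type": "noExpiration"},
}

if __name__ == "__main__":
    for name, pol in (("walkthrough", WALKTHROUGH_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_policy(pol) or "OK")
```
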


Unfortunately, the following screenshots are in German; I could not change the language to English. Sorry.

 

Now a user can visit the website https://myaccess.microsoft.com and sees the following. Then click on Request access (highlighted in yellow).


The following window appears.


The person who can grant the permission logs on to the website http://myaccess.microsoft.com and clicks Approve (also in yellow).


The following window appears, and at the bottom you can decide whether to grant or deny access. In my case, I approve (in yellow).


Back in Azure Active Directory, we open the "Bitcoin Traders" group again and see that "Jon Prime" is now a member of this group. BINGO!


This is a possible example of using an Access Package in Azure Active Directory (Azure AD) Identity Governance. I am absolutely aware that this was not the absolute ultimate! But I really wanted to share my experience with you.

 

I hope this article was useful. Best regards, Tom Wechsler

 

 
