Managing access of applications not registered on Azure AD using Azure AD Entitlement Management

Can Azure AD Entitlement Management help in granting access to applications not on Azure AD? Because some of the applications in an org might not be on Azure AD. Someone told me it is possible using Sailpoint. I'm not a Sailpoint expert. Hence, if anyone is aware, could you please throw some light on this?

2 Replies
Hi SitaNayak,

No, Entitlement Management cannot grant access to applications that are not on AAD. Entitlement Management encompasses "Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign-on and/or provisioning." https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#w....
You can add enterprise applications to AAD easily enough though. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal

Thanks, Ash

@Ash_Gardiner So, if a service (app) is added to AAD, it can be used as part of the entitlement system? When you do an entitlement review, it will include all the connected applications?

We have to do entitlement reviews for HIPAA. In this process, all users have to be approved by a manager to have access to a system. Would the review show all the systems they have access from the internal and external services in AAD?