Lead Image © amasterpics123, 123RF.com
Identity Governance regulates access control in Azure AD
Right Rights
Besides internal corporate users, Azure Active Directory (AAD) is increasingly seeing access by suppliers, partners, and external developers. If your own identities and external partners are stored in one directory, collaboration across a diverse range of applications becomes easier, but managing the various authorizations becomes more complex. Azure identity governance comes in handy in these cases.
Access management and processes that support the lifecycle are of interest even in companies that aim for little or no collaboration in the cloud. For example, employees often move between departments within a company, collecting different authorizations in the process, such as access to marketing repositories, insights into various training courses, or information on budget planning for previous years. Next, they might switch to a sales role, where they gain insights into customer relations information. Rarely does a clean-up take place after a role change. If the corresponding user account is hijacked by attackers, they can gain access to all of this information, which is fatal in the case of administrative accounts. Here, too, administrators retain extensive permissions after setting up systems across different projects.
Azure AD administrators use Identity Governance to regulate access management for resources in the cloud. This function lets organizations bundle resources, assign them to end users, and check access regularly with automatic mechanisms. In AAD, identity governance is split into two parts: the lifecycle of privileges for administrators (Privileged Identity Management, PIM) and Entitlement Lifecycle Management (ELM) for end users. Premium P2 licenses are required for both functions, but a trial license is all you need to test the functionality.
Access Packages
ELM in AAD currently manages groups (both security and Office 365 groups), applications integrated in AAD
...