In a blog post today, Microsoft says it has worked closely with its largest customers to understand their needs. Across industries like financial services and healthcare, customers consistently require identity governance across their cloud and on-premises environments. Azure AD already provides identity management and security. However, the SailPoint integration gives enterprise customers on Azure Active Directory Premium full provisioning and lifecycle governance on-premises and in the cloud. Microsoft explains the main capabilities of the new partnership, which are available to joint Azure AD and SailPoint customers.
How it Works
Identity and context synchronization – “The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.” SailPoint will also work with applications outside Azure AD. This is ideal for organizations with on-premises apps.

Access request and lifecycle events – “User access request and approval is at the core of any identity management and governance solution. The integration of SailPoint with Azure AD adds support for self-service access requests and approvals.”

Identity governance – certification, segregation of duty policies, and more – “A key component of strong identity governance is the ability to review access on a regular basis. The integration provides a simple and effective way to automate the entire access certification process.”

Self-service password reset extension – “In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case – the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems.”