Executive View

One Identity Active Roles

One Identity Active Roles is a powerful tool for integrated management of both on-premises Microsoft Active Directory and Microsoft Azure Active Directory. It comes with strong support for managing Exchange Servers and Office 365, and also with Identity Lifecycle Management that supports a range of non-Windows and SaaS applications.

Martin Kuppinger

mk@kuppingercole.com

1 Introduction

Digital identity is a critical business-enabling technology for all types of organizations, including Small to Mid-Size Businesses (SMBs). However, as is borne out by cybercrime reports year after year, digital identity is also a primary vector through which SMBs are attacked. Many SMBs lack a fully staffed IT department to handle the complexities of deploying, maintaining, and securing complex IAM solutions. This is a factor fueling the need for targeted solutions that support these businesses in managing their environments.

The risks of not having well-maintained and secure IAM solutions can be great, ranging from lower productivity associated with password resets and incorrect entitlements; loss of data such as employee and customer PII; loss of trade secrets and other valuable business information; diminished revenue from reputation damage and fraud; to unwittingly becoming a vector of attack to other members in a supply chain. Many managers and owners naively assume that they are too small to be attacked by malicious actors, but cybercrime studies show that organizations of all sizes are increasingly targeted because of the perception that they are less secure than larger organizations.

Organizations can have a variety of use cases and technical requirements they need to meet with IAM. Regarding use cases, everyone needs B2E IAM, many need B2B, and some need B2C. Consider B2E, where most will have Microsoft Active Directory in place. Many organizations also utilize various cloud-based SaaS applications but do not have the IAM functions centralized or even under control. Furthermore, with a very significant ratio of organizations utilizing Microsoft 365, including Office 365, and thus having Microsoft Azure Active Directory (Azure AD) in place, a unified approach for managing these services is required.

For all organizations, getting a grip on environments such as Microsoft Active Directory and Azure AD requires capabilities beyond what enterprise-grade IGA (Identity Governance and Administration) tools commonly deliver. The in-depth management of Active Directory, Azure AD, and related environments demands specific capabilities, just as the in-depth management of, e.g., SAP environments does. Thus, there is a place for such solutions in combination with full-blown IGA tools.

A sometimes-overlooked capability is that IAM systems can aid in regulatory compliance. Under the General Data Protection Regulation (GDPR) in the EU, collecting clear and unambiguous consent from consumers for the use of their data is necessary for compliance. Well-designed IAM solutions can enforce and help demonstrate compliance with regulations that require segregation of duties, such as SOX in the US.

There are three major categories of functions within IAM to look at:

Identity Administration: The ability to administer identity lifecycle events including provisioning/de-provisioning of user accounts, maintaining identity repositories, managing access entitlements, and synchronization of user attributes. A self-service user interface allows for requesting access, profile management, password reset, and synchronization. Configurable cloud-native connectors offer automated user provisioning to both on-premises and SaaS applications. Other common identity administration capabilities include an administrative web interface, a batch import interface, delegated administration, and SPML and SCIM support.

Access Management: This category includes authentication, authorization, single sign-on and identity federation for both on-premises and SaaS applications delivered as a cloud service. The underlying support for industry standards such as SAML, OAuth, and OpenID Connect can vary.

Access Governance: This is a group of capabilities that is frequently absent from the portfolio of entry-level IAM tools centered around AD, given that many organizations only look for an easy-to-use, administrator-centric approach to maintaining Access Governance and enforcing least privilege principles.

With Active Roles, One Identity offers a comprehensive and proven tool for managing identities and access in environments that are centered around Microsoft Active Directory, with strong support for Azure AD. It is also a strong addition to enterprise-grade IGA tools for in-depth management of Microsoft Active Directory and Azure AD.
