The Panel Provider for Microsoft Entra ID allows data from Entra Identity Provisioning and Entra ID Governance to be scanned and updated from the Identity Panel suite of applications.
This provider is separate from, but related to, the Panel Provider for Microsoft Entra Directory.
Identity Panel App
The Panel Provider for Microsoft Entra Governance gives Entra ID customers access to the Identity Panel App's Time Traveler and Reporting features.
The Panel Provider for Microsoft Entra Governance includes the ability to:
- Scan objects and attributes for visualization within the Time Traveler, including:
  - Users and groups provisioned to all non-Microsoft Enterprise Gallery Applications configured for Entra ID App Provisioning (SCIM) integration, including Dropbox, Salesforce, ServiceNow, and more
  - Resource access provisioned under Entra ID Governance for M365 Groups and Teams, Enterprise Applications and SharePoint Sites
- Scan Entra ID policy and configuration, with visualization surfaced via Contrails, including:
  - Enterprise App Provisioning rules and configuration for Entra ID users and groups (SCIM)
  - Entra ID HR Provisioning rules and configuration for employees and contingent workers
  - Entra ID Identity Governance (IGA) Catalog and Access Package policy and configuration
- Execute bulk updates to Entra ID IGA Catalogs and Access Packages.
Service Panel App
The Panel Provider for Microsoft Entra Governance adds the ability for Service Panel to create, modify, and remove Catalogs, Access Packages and assigned resources within Microsoft Entra Identity Governance (IGA).
The Panel Provider for Microsoft Entra Governance allows securely authenticated execution of Azure Graph-enabled actions, and this extends to hosted PowerShell scripts, with support for:
- Requesting Entra ID Access
- Automation for Access Package assignment
- Request-based creation of Access Packages
- Request-based application assignment
- Applying Audience-based permissions for Entra ID
- Approval flows for Access Package management
- Using audiences for delegated access package management
- Connecting Entra ID to ServiceNow
- Managing cross/multi-tenant Access Package delegation (e.g. vendor/subsidiary integration)
Access Panel App
While Access Panel is itself a complete Identity Governance (IGA) platform, it can also be used to enhance Entra ID Governance solutions for more advanced use cases.
With the Panel Provider for Microsoft Entra ID, Access Panel is able to complement an Entra ID IGA solution with the ability to:
- Orchestrate Access Package Lifecycle (CRUD)
- Create and manage criteria-based membership in resources (Azure M365 groups, licenses, Entra IGA Connected organizations, Catalogs with assigned Resources, Roles and Access Packages).
- Create dynamically assigned RBAC Entra Access Packages
- Enforce separation of duties by Role
- Assign expiration and renewal policies to Entra Resources
- Manage Entra ownership and administrator replacement due to employee turnover
- Manage Entra access granting and revocation due to position changes or termination
- Configure just-in-time elevation of privilege for high risk and administrative groups and roles
- Delegate Entra Resource administration to application owners
- Orchestrate, coordinate and enforce Entra Access Reviews
- General security principal attestation of users
- Attestation of compliance processes
Test Panel App
The Identity Panel Suite, through the Test Panel App, adds unique testing capabilities for Provisioning and Governance policy configured in Entra ID. Additionally, Test Panel with this Provider allows for the rollback deletion of test case data and results. The capability includes creating, validating (asserting), and removing users from upstream (HR) and downstream (Enterprise App) connected applications, as well as IGA-assigned resources (including Groups and Teams, Applications and SharePoint sites) as part of your overall test case or suite.
This allows for:
- Testing app provisioning service lifecycle
  - Provisioning
  - Deprovisioning
  - Environment Reset
- Testing access packages
  - Package creation
  - Package assignment
- Managing and promoting Entra configuration
HyperSync Panel App
The Panel Provider for Microsoft Entra ID enables HyperSync to enhance and extend the Entra ID Provisioning capability to support an extended set of scenarios and edge cases, including:
- Enhancing Entra Application Provisioning
  - Synchronizing data from apps back to Azure
  - Enabling advanced provisioning/deprovisioning options
  - App-based integration for emergency termination and account dormancy
  - Handling account rename scenarios
  - Synchronizing schema beyond SCIM scope
- Enhancing Entra HR Provisioning
  - Synchronizing data from HR sources beyond Workday and SAP SuccessFactors
  - Working with the Generic HR Provisioning solution (Preview), including write-back
  - Integrating with multiple HR sources
  - Integrating with Service Panel for Contingent Workers not in HR
  - Lifecycle Management for Partner and Vendor (B2B Guest - External) workers
  - Lifecycle Management for Agencies and Subsidiary (B2B Guest - Internal) workers
- Enhancing Entra Access Packages
  - State-based consistency checking
  - Linking access packages to on-premises resources
Provisioning and IGA Migration from Okta
Identity Panel provides an application migration bridge to Microsoft Entra ID Provisioning (SCIM) and Governance (IGA) for applications presently employing alternative Identity Lifecycle (joiners/movers/leavers) and Governance platforms, whether current such as Okta or AWS, or legacy such as Oracle. It does this by first establishing a historical and holistic identity and access canopy for operations and reporting, then allowing swap-out of IGA configuration without loss of business continuity or audit history. This canopy also serves as a lens through which to oversee and interrogate the entire application and identity landscape, whether it is in the cloud, on premises or hybrid, and whether you are migrating from an existing IGA platform or implementing for the first time in Microsoft Entra.
Migration capabilities support the typical phases of activity involved, including:
- Project Discovery
  - Scanning Okta for application and account configuration
  - Using Access Panel for app migration surveys
- Application Migration
  - Replacing Okta provisioning service
  - Supporting hybrid operations with stateful sync
  - Consistency and progress reporting
  - Entra configuration as-built documentation
  - Automated testing for account synchronization
- Post Migration
  - Using Identity Panel to meet reporting and compliance needs
  - Self-service and delegated account management tools
Licensing
This product is licensed per Azure tenant. You need one license for each Azure tenant you choose to scan and target.
For a limited time, existing customers who have purchased the Panel Provider for Microsoft Active Directory Federation Services can enjoy the benefits of the Panel Provider for Microsoft Entra Governance at no additional cost.
Training
The following courses are offered in the use of the Panel Provider for Microsoft Entra ID.