As we move to a more cloud-orientated world, CTOs and IT architects are going to need to put some careful thought into the management of user identities. They need to ensure systems remain secure, and that users remain productive, so I think it’s time they considered Azure Active Directory as part of their Identity Management Strategy.
Let’s look at what happens if identities are not managed properly:
The organisation engages with cloud SaaS offerings and each user gets a login for each service
Users use personal accounts (Facebook, LinkedIn, Microsoft) to interact with cloud services.
What are the problems with that?
Corporate policies such as strong passwords, password expiration, and multi-factor authentication are not adhered to
Users have a lot of passwords to remember so they forget them or write them down
Users spend considerable time logging in, retrieving lost passwords, etc.
There is no easy way to see who has access to what
When people leave it is hard to ensure that they no longer have access to anything
The organisation may continue to pay subscriptions for users that have left
So when it comes to identity management there are two basic principles to follow:
There should be a low number of identity stores (I’m talking logically here – physical replication for performance or other reasons is fine, as are separate stores for internal and external users)
For internal users at least, the identity stores should be under the control of the organisation
For external users an identity store provided by a third party may be acceptable – for example allowing users to access secure web site content using their Facebook account. It depends on the scenario.
For every organisation that we work with, the primary identity store is Active Directory. Synchronising this to Azure Active Directory in a safe and secure way is an important first step towards identity management in a modern world, as it allows the same identities to be used across on-premises and cloud-based systems. More on that in a future post.
For more help and advice about identity management within your organisation, please contact us.