Pushing down Azure AD RBAC rules to legacy and SaaS systems?

Jean Baro 1 Reputation point
2022-03-03T18:44:17.257+00:00

Hi there,

I am new to Azure AD. Please forgive me if this is a naive question (I couldn't find a good answer on google).

We use AD as our single/centralized LDAP for Staff/Employees.

Now, we would like to turn Azure AD into the solo tool we need to manage RBAC and Credentials for all our employees.

Examples:

  1. Once a new employee is hired, we can go to the AD Admin panel and grand access to this person (add them to a access group)
  2. If this person leaves the company, we can go to AD Admin and revoke their access.
  3. If this person changes position/role at the company, it should be a matter of just going to Azure AD and moving them from one group to another.

Now, this seems to be a super typical use case for any company, BUT, like all of them, we have hundreds of different systems that Staff/Employees use daily. These can be SaaS services, In-House Legacy systems, old generation products, MS Excel spreadsheets, etc.

  • Most of these systems support AD integration for AUTHENTICATION
  • Few of these systems support AD integration for AUTHORIZATION (RBAC).

My question is: is there any add-on or native Azure AD functionality that I could use to integrate the authorization mechanism of those systems with Azure AD authorization? Some low-code tool or a set of preexisting "adapters" for the most commonly used systems? Like Netsuite, Salesforce, ZenDesk, SAP, etc.? What about the legacy and in-house systems?

After having this framework built around Azure AD, the benefits would be:

  • Be able to provision and de-provision users in a central system
  • Trace all the user access in one place
  • Extract data (reports) from a single source of truth

Please, Is that something that can be done in Azure AD, or do I need another tool/service?

Any help would be appreciated.

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,799 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 16,781 Reputation points MVP
    2022-03-04T19:41:12.197+00:00

    Hi @Jean Baro

    First, you need to synchronize your Azure AD with your AD, you can do it with "Azure AD Connect"
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
    With that synchronization, you can administrate all your users from your AD

    About the second part of your question, in the Azure AD, you have an Application Management
    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management

    Application management in Azure Active Directory (Azure AD) is the process of creating, configuring, managing, and monitoring applications in the cloud.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Please "Accept as Answer" and Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.

    0 comments No comments