Microsoft Entra ID Governance is Microsoft’s cloud-based IGA (Identity Governance and Administration) solution that seamlessly integrates with the Microsoft ecosystem.
The baseVISION Microsoft Entra ID Governance Enablement service covers the following three topics:
User provisioning is performed by the Microsoft Entra ID provisioning service, which creates and updates user identities across the various connected systems. During this engagement, baseVISION will implement the inbound provisioning of user objects based on HR data. The target system can be Microsoft Entra ID itself or one or more Active Directory forests.
Provisioning processes are defined using mappings between source and target systems, and support complex transformations, scoping filters, and attribute flows. These mappings can be customized to reflect business-specific requirements. The provisioning service ensures changes such as new hires, department transfers, or terminations are automatically reflected in the connected systems in near real-time.
The provisioning service also supports outbound provisioning. It’s used to provision identities and attributes from Microsoft Entra ID to target systems like SaaS applications. This topic can be covered in an additional engagement.
The Access and Identity Lifecycle Workflows (Joiner-Mover-Leaver processes) are covered with Microsoft Entra ID Governance. Features like Lifecycle Workflows and Entitlement Management are used to automate the user and access lifecycle. Lifecycle Workflows automate the user lifecycle processes, which are primarily defined for employees’ business user objects. However, it is crucial that these processes are also defined for administrative and guest user objects.
Microsoft Entra Identity Governance and Microsoft Entra Lifecycle Workflows provide cloud-based capabilities to support and automate Identity Governance and Lifecycle processes in the cloud and on-premises. They provide the capabilities to ensure that the right people have the right access to the right resources at the right time.
Microsoft Entra Entitlement Management focuses exclusively on the user access lifecycle (Access Management). It supports approval workflows for access assignments, periodic reviews of these assignments, and their removal. The focus is on enabling delegation to end users or the business, as well as automation. Entitlement Management is structured into catalogues, access packages, and resources. Access for users is granted through access packages. An access package can be requested by internal or external users, or assigned to them manually or automatically based on attributes provided by the HR data source.