
Azure and Azure AD Connector

tejovempaty
New Contributor II

Connector Architecture (saviyntcloud.com)

This document says we need to use:

Since Azure Connector relies on Azure AD Connector for accounts. So, you must run the account and access imports in the following order:

  • perform account import for Azure AD endpoint

  • perform access import for Azure endpoint

But we can import accounts using the Azure AD endpoint as well. Is there any specific reason why we need to use the Azure Connector Type again to import only access and map these 2 endpoints? Is it recommended by Saviynt to use the Azure AD connector to import both accounts and access?


stalluri
Valued Contributor II

@tejovempaty 

Azure and Azure AD connectors are used for two different integrations.

Azure AD Microsoft Graph API is used for integration between EIC and Azure AD.

  • Supports REST connectors or OOTB Azure AD connectors. This brings all the accounts and access under a single connector using Graph APIs.

| Use Case | Connection Type |
|---|---|
| Import accounts and groups from Azure AD | Azure AD. For integration information, see Configuring the Integration for Account and Group Import. |
| Import users from Azure AD | REST. For integration information, see Configuring the Integration for Importing Users. |
| Manage Azure AD groups | Azure AD. For integration information, see Configuring the Integration for Managing Azure AD Groups. |
| Provision or deprovision accounts and access to Azure AD | REST / Azure AD from 23.10. For integration information, see Configuring the Integration for Provisioning and Deprovisioning. |
| Provision distribution group membership | Win-PS. For integration information, see Configuring the Integration for Provisioning Distribution Group Membership. |


Azure is used to bring in anything related to Azure objects (VM, NetworkSecurityGroup, etc.).

| Use Case | Connection Type |
|---|---|
| Import accounts from the target Azure application to EIC | Azure AD. For integration information, see Azure AD Integration Guide. |
| Import access from the target Azure application to EIC | Azure |
| Provision or deprovision accounts from EIC to the target Azure application | REST |


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

rushikeshvartak
All-Star

In Saviynt, the Azure AD Connector and the Azure Connector serve different purposes within identity and access management:

1. Azure AD Connector:

  • Primary Focus: It handles user account management within the Azure Active Directory (AAD). This connector is responsible for importing and managing user identities, including creating, updating, and deleting users.
  • Use Case: Typically used to synchronize and reconcile user accounts from Azure AD into Saviynt, which allows for identity governance operations such as provisioning and deprovisioning of users across multiple systems.
  • Capabilities: It imports Azure AD users, groups, and sometimes certain directory-specific attributes, but it doesn’t directly deal with Azure resources such as subscriptions or roles that are outside of AD.

2. Azure Connector:

  • Primary Focus: This connector is used to manage Azure resource access, focusing on user permissions and roles for resources hosted in Azure (e.g., subscriptions, resource groups, or specific services).
  • Use Case: Used to handle role-based access control (RBAC) for Azure resources, importing the roles and permissions a user holds within the Azure cloud platform. This is crucial for governing access to specific Azure resources rather than directory-level identities.
  • Capabilities: It imports access-related data like roles, subscriptions, and other permissions from Azure environments, which can then be linked to user accounts previously imported via the Azure AD Connector.

Main Differences:

  • Scope: Azure AD Connector deals with identity management in Azure AD, whereas the Azure Connector is focused on access management for Azure resources.
  • Data Imported: Azure AD Connector imports user accounts and groups from AAD, while the Azure Connector brings in permissions and resource roles from Azure subscriptions.
  • Order of Operation: In general, it is recommended to run account imports first from the Azure AD Connector, followed by access imports from the Azure Connector, to ensure proper mapping and correlation between accounts and access.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
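
The ordering point made in the replies above, shown as an added illustration (not Saviynt code and not from any poster in this thread): role assignments can only be linked to accounts that already exist, so an access import run before the account import leaves every assignment uncorrelated. All records are constructed samples; the assumed join key is the Azure AD object id, and `roleName` stands in for the `roleDefinitionId` that Azure RBAC stores.

```python
# Added illustration, not Saviynt code. All records are constructed samples.
# Assumption: accounts are keyed by the Azure AD object id, and each role
# assignment carries principalId and scope; roleName stands in for the
# roleDefinitionId that Azure RBAC actually stores.

AAD_ACCOUNTS = [  # what an account import from the Azure AD endpoint supplies
    {"id": "11111111-aaaa-4000-8000-000000000001", "userPrincipalName": "alice@example.test"},
    {"id": "11111111-aaaa-4000-8000-000000000002", "userPrincipalName": "bob@example.test"},
]

ROLE_ASSIGNMENTS = [  # what an access import from the Azure endpoint supplies
    {"principalId": "11111111-AAAA-4000-8000-000000000001", "roleName": "Reader",
     "scope": "/subscriptions/sub-demo"},
    {"principalId": "11111111-aaaa-4000-8000-000000000002", "roleName": "Contributor",
     "scope": "/subscriptions/sub-demo/resourceGroups/rg-app"},
    {"principalId": "11111111-aaaa-4000-8000-000000000099", "roleName": "Owner",
     "scope": "/subscriptions/sub-demo"},
]

HIGH_PRIVILEGE = {"Owner", "User Access Administrator"}


def correlate(accounts, assignments):
    """Link each role assignment to an imported account by object id.

    Returns (linked, orphaned): linked maps userPrincipalName to a list of
    (roleName, scope); orphaned holds assignments with no matching account.
    """
    by_id = {a["id"].lower(): a["userPrincipalName"] for a in accounts}
    linked, orphaned = {}, []
    for ra in assignments:
        upn = by_id.get(ra["principalId"].lower())  # normalise GUID case defensively
        if upn is None:
            orphaned.append(ra)
        else:
            linked.setdefault(upn, []).append((ra["roleName"], ra["scope"]))
    return linked, orphaned


def review_queue(orphaned):
    """Order orphaned assignments so high-privilege roles are reviewed first."""
    return sorted(orphaned, key=lambda ra: (ra["roleName"] not in HIGH_PRIVILEGE, ra["scope"]))


if __name__ == "__main__":
    linked, orphaned = correlate(AAD_ACCOUNTS, ROLE_ASSIGNMENTS)  # accounts first
    print(linked, [ra["roleName"] for ra in review_queue(orphaned)])
    _, all_orphaned = correlate([], ROLE_ASSIGNMENTS)  # access first: nothing to link to
    print(len(all_orphaned), "assignments uncorrelated")
```

An assignment that stays orphaned even after the account import (the `Owner` row here) is worth a governance review, since it is access held by a principal the account import did not bring in.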

tejovempaty
New Contributor II

Thank you both for detailed answers.