Best IGA/IAM Solutions for User Lifecycle Management?

Asked By CuriousCoder92 On

Hey folks! I'm looking for some advice on Identity Governance and Administration (IGA) solutions, especially ones that come with Role-Based Access Control (RBAC) features. My company is considering a new IGA solution to manage the complete user lifecycle—from contract signing, user account creation, access delegation through Active Directory, to decommissioning users at the end of their contracts. We're currently in a hybrid setup with on-prem and Entra ID, where we're only syncing one way to Entra. We've got around 2,000 users plus contractors. Also, the solution needs to integrate with our contract and salary management system, as we have some code in place that extracts information to a database and we need the IGA solution to manage user identities based on that. I'd love to hear what others are using!

3 Answers

Answered By Lifecyc1eManager On

For a setup like yours, managing lifecycle tasks on the AD side is typically the way to go, especially since your Entra sync is one-way. For around 2,000 users, tools like ADManager Plus can be very effective. It automates user data retrieval from your HR system or database, creates user accounts in AD, and applies access based on predefined role templates. This way, when roles change or contracts end, access can be adjusted automatically without manual effort. If you want, I can provide more details on how to implement this.
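Added example, not part of the answer above and not code from ADManager Plus or any other product: a vendor-neutral sketch of the reconciliation such a tool performs, comparing HR/contract rows against current directory state and role templates to plan joiner, mover and leaver actions. All names, groups, field names and dates are constructed assumptions.

```python
from datetime import date

# Constructed role templates: job role -> AD groups (hypothetical names).
ROLE_TEMPLATES = {"developer": {"GG-Dev", "GG-VPN"}, "finance": {"GG-Finance"}}
# Constructed sample rows, as they might come from the HR/contract database.
HR_ROWS = [
    {"id": "alice", "role": "finance", "start": date(2023, 1, 1), "end": date(2026, 1, 1)},
    {"id": "bob", "role": "developer", "start": date(2023, 1, 1), "end": date(2024, 6, 30)},
    {"id": "carol", "role": "developer", "start": date(2025, 1, 1), "end": date(2025, 12, 31)},
    {"id": "dave", "role": "janitor", "start": date(2024, 1, 1), "end": date(2026, 1, 1)},
]
# Constructed snapshot of current directory state.
DIRECTORY = {
    "alice": {"enabled": True, "groups": {"GG-Dev", "GG-VPN"}},  # moved dev -> finance
    "bob": {"enabled": True, "groups": {"GG-Dev"}},              # contract ended
    "svc-old": {"enabled": True, "groups": {"GG-Finance"}},      # no HR record
}

def plan_lifecycle(hr_rows, directory, today):
    """Return (action, user, detail) tuples needed to bring the directory in line with HR."""
    actions, hr_ids = [], set()
    for row in hr_rows:
        uid = row["id"]
        hr_ids.add(uid)
        acct = directory.get(uid)
        if not (row["start"] <= today <= row["end"]):
            # Leaver or not yet started: account disabled, all groups stripped.
            if acct and acct["enabled"]:
                actions.append(("disable", uid, "outside contract dates"))
            for g in sorted(acct["groups"] if acct else ()):
                actions.append(("remove_group", uid, g))
            continue
        wanted = ROLE_TEMPLATES.get(row["role"])
        if wanted is None:
            # Fail closed: an unmapped role grants nothing and goes to a human.
            actions.append(("review", uid, f"no template for role {row['role']!r}"))
            continue
        if acct is None:
            actions.append(("create", uid, row["role"]))
        elif not acct["enabled"]:
            actions.append(("enable", uid, "contract active"))
        have = acct["groups"] if acct else set()
        actions += [("add_group", uid, g) for g in sorted(wanted - have)]
        actions += [("remove_group", uid, g) for g in sorted(have - wanted)]
    for uid, acct in directory.items():
        if uid not in hr_ids and acct["enabled"]:  # orphan: no owner in HR data
            actions.append(("review", uid, "enabled account with no HR record"))
    return actions

if __name__ == "__main__":
    print(*plan_lifecycle(HR_ROWS, DIRECTORY, date(2025, 3, 1)), sep="\n")
```

The function only plans changes; applying them to AD, and logging who approved each one, is left to whatever tooling performs the writes.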

Answered By TechDude88 On

Microsoft just rolled out a feature aimed at improving the offboarding process for hybrid identities, which might solve some of your challenges. I've yet to test it out, but it seems promising, especially when combined with Entra Joined devices and passwordless login options like FIDO or Smart Cards. Definitely worth a look for your needs!

Answered By IdentityGuru21 On

I went through a similar situation recently with a hybrid setup. It's crucial to find a tool that manages the entire user lifecycle efficiently. I recommend checking out SailPoint or Cato Networks; they simplify identity management and offer excellent RBAC features that can save a lot of time. You might need to adjust your AD sync settings, but these tools can pull data straight from your database, which is a huge advantage!
