Opal + Azure Active Directory (Azure AD)
Product Overview
Azure Active Directory is Microsoft's multi-tenant, cloud-based directory and identity management service. For an organization, Azure AD helps employees sign up to multiple services and access them anywhere over the cloud with a single set of login credentials.
Azure AD offers the following benefits:
- Single sign-on simplifies access to your apps from anywhere
- Conditional access and multifactor authentication help secure data
- A single identity control plane grants full visibility and control of your environment
- Governance ensures the right people have access to the right resources, and only when they need it
Integration Overview
Opal's integration with Azure AD supports Security Groups and Microsoft 365 groups. This allows employees to request time-bounded access to Azure AD groups, add resources from other Opal integrations (for example, a GitHub repo or an AWS IAM role) to Azure AD groups, and initiate access reviews. In addition, Opal syncs with Azure AD as a source of truth for identity, importing users, organization attributes, and their group mapping.
Use Cases
Modern Access Management
Using Opal, customers can:
- Grant just-in-time access to critical resources that are auto-expiring and fully audited
- Enable resource owners with the most context to approve access requests and provision access automatically via Slack
- Ensure that privileged resources have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more
- Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
- Automatically escalate privileges (and revoke access) when developers are on-call via integrations with PagerDuty and Opsgenie

Integration Setup
Once AzureAD is set up as an App, admins can easily use the same API credentials to import user attributes from AzureAD as the identity provider.
1. In the Apps sidebar, click on "New App", and select AzureAD

2. Create your API token and upload account credentials
