Opal + Azure AD

Opal + Azure AD Use Cases

Protect against breaches with least privilege

  • Grant just-in-time access to Azure AD groups using Slack, with access that is auto-expiring and fully audited
  • Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more

Accelerate employee access on paved roads

  • Enable resource owners with the most context to approve access requests and provision access automatically via Slack
  • Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles
  • Automate on-call access by provisioning and deprovisioning access via on-call schedules

Simplify compliance without manual overhead

  • Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
  • Review access of employees who have recently transferred roles or departments

Azure AD Overview

Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. For an organization, Azure AD helps employees sign up to multiple services and access them anywhere over the cloud with a single set of login credentials.

Azure AD offers the following benefits:

  • Single sign-on simplifies access to your apps from anywhere
  • Conditional access and multifactor authentication help secure data
  • A single identity control plane grants full visibility and control of your environment
  • Governance ensures the right people have access to the right resources, and only when they need it

Opal + Azure AD Overview

Opal's integration with Azure AD supports Security Groups and Microsoft 365 groups. This allows employees to request time-bounded access to Azure AD groups, add resources from other Opal integrations (for example, a GitHub repo or an AWS IAM role) to Azure AD groups, and initiate access reviews. In addition, Opal syncs with Azure AD as a source of truth for identity, importing users, organization attributes, and their group mapping.

AzureAD Integration Setup

Once AzureAD is set up as an App, admins can easily use the same API credentials to import user attributes from AzureAD as the identity provider.

1. In the Apps sidebar, click on "New App", and select AzureAD

2. Create your API token and upload account credentials
