How to manage multi-source Applications and Access Profiles

Hello to all of you,

We are starting to have some use cases where we need to provision rights in multiple sources for a single app:

For example, a SaaS solution with SSO:

  • Access to app is managed in our Azure AD with an AAD group
  • Access Profiles are managed inside the app using direct connectors

How can we manage this to publish access for the user into a single app in the request center?

We thought of using roles for this, but it means that the notion of application will disappear or we need to have a very strict naming rule for our roles. In this model, we may have this:

  • Role 1: “App X : Access Profile A”
    • Access Profile 1: “App X : Access to application” (using AAD user group)
    • Access Profile 2: “App X : Access Profile A” (using SaaS Connector)
  • Role 2: “App X : Access Profile B”
    • Access Profile 1: “App X : Access to application” (using AAD user group)
    • Access Profile 2: “App X : Access Profile B” (using SaaS Connector)

Thanks in advance for your ideas

No ideas on this topic? We really need to manage access to apps with multiple sources, but we would like to avoid using roles for this :frowning:

What I’ve done in the past is to make the application and access requestable using the entitlements managed by the direct connector, then have a role that auto-assigns the Azure group if they have any of the entitlements in question. Or, if there are a lot of entitlements, use an account attribute, like the email on the source contains “@” or something like that.

Hello @KevinHarrington,

Using an auto-assigned role seems to be a good idea. This could work for the use case with Azure AD groups :wink:

Do you have any idea on how to manage this kind of app if I have entitlements in multiple sources (for example in a database plus a web server)?
