How PrivaceraCloud and Okta Help Enterprises Achieve Seamless Identity Management Across Cloud Environments: A SCIMple Solution for AuthZ and AuthN

By: William Brooks & Syed Mahmood

Forrester correctly points out in their report, How Cloud Identity Governance Can Help Mitigate Access And Entitlement Risks, that as cloud platforms proliferate, protecting data, avoiding breaches, and ensuring full insight into and across cloud platforms are becoming key priorities. In what is considered an emerging cloud security area, security and risk professionals are looking to technology to help them automatically and continuously discover identities, fully map them out, and control them and their access rights in multiple cloud environments.

User authentication (authN) tools fit this need, as they provide organizations with the ability to confirm a person’s identity in real time in order to provide them with access to a variety of digital resources such as files, applications, or services. Rather than having to rely on labor-intensive and error-prone manual processes, identity and access management (IAM) solutions enable enterprises to provide employees, customers, and partners with the information they are entitled to, while at the same time reducing the threat of data breach, fraud, and non-compliance.

The ability to confidently authenticate users is a foundational element in providing users with authorized access to data, or authorization (authZ). AuthZ is also a critical component for organizations looking to perform audits, ensure compliance, and run identity analytics.

Privacera connects identity data from authentication systems to authorization entitlements so that the two are always in sync

Migration of enterprise data to the cloud, and the adoption of SaaS applications, are the driving forces that have increased the demand for cloud-native authentication solutions. But along with this demand comes increased complexity in managing access controls, auditing, and identities across the growing cloud data management ecosystem.

Privacera helps enterprises meet these requirements by providing seamless integration with traditional identity and authentication tools like LDAP, Active Directory, and Azure AD, and single sign-on platforms supporting OAuth and SAML. Now, PrivaceraCloud provides direct integration to receive updates pushed from SCIM identity servers, such as Okta or Azure AD, and connectivity to SCIM APIs in services like Databricks to automatically pull new users, groups, and attributes into Privacera.

PrivaceraCloud is a fully managed service that provides data governance capabilities across cloud services through a single unified interface. PrivaceraCloud removes the need for manual installation or software upgrades and can be configured in minutes to provide a fully functional data governance platform.

To connect and access users, administrators simply need to provide connection information to external resources. Once connected, they can select the appropriate connection protocol or service. For LDAP, AD, or AAD (Lightweight Directory Access Protocol, Active Directory, or Azure Active Directory), a configuration wizard walks them through the configuration steps. PrivaceraCloud also facilitates user access from the following:

  • Okta: PrivaceraCloud uses SCIM protocols in client mode to connect and synchronize with an Okta-enabled SCIM-Server to access data users and groups
  • SCIM: accesses users and groups from a generic SCIM-compliant server
  • SCIM Server: establishes PrivaceraCloud as an Okta (SCIM) Identity Provider (IDP) whereby users and groups can be directed to PrivaceraCloud from an external SCIM-enabled source

Administrators simply need to provide connection information in order to connect and access users from external sources

In addition to the flexibility of importing user identities from LDAP, Active Directory, Azure Active Directory, or SCIM identity servers, PrivaceraCloud can be configured to use an external identity provider. In this scenario, single sign-on (SSO) provides the mechanism to configure a connection via SAML to an identity provider. PrivaceraCloud SAML and SSO have been validated for use with Okta.

Administrators can access users and groups from SCIM identity servers

Administrators can now leverage SCIM users and groups to define and enforce access control policies in PrivaceraCloud

PrivaceraCloud’s flexible approach is meeting a critical need in the market. As companies continue to migrate their analytic workloads and applications to the cloud, they are also realizing how significantly they are increasing the areas that need to be protected to avoid data breaches and attacks. Rather than being limited to a single identity service, companies need the flexibility to select from the wide variety of directory offerings that best support their use case to truly authenticate the identity of their users.

To learn more about PrivaceraCloud or request a free, 30-day trial, visit www.privacera.com/try-privaceracloud/
