One of the key features of Provisior is to provide insight in user access rights. This used to be quite simple as most access rights where formed by Active Directory security groups for access to network shares, shared mailboxes, distribution lists and software applications. One of the primary use cases of Provisior is maintaining the memberships of AD groups. And because Provisior provides a direct link with Active Directory it is able to show who has access to what resource and therefor provide insight to whoever is interested or responsible (like managers, IT helpdesk, owners, security officers, …).
As more and more IT is moving to the cloud, especially when talking about SaaS applications where the customer does not maintain the software themselves, is providing access right by using AD groups the best solution for this type of access? Personally, I don’t think so, for the simple fact that you do not know that the group membership is in sync with the permissions granted in the SaaS solution. Unless you create some sort of script or tool who periodically checks this and keeps it in sync (just for the sole purpose of using AD groups for this).
Many SaaS solutions provide API’s or web services to connect with. Being able to retrieve users and maybe even their roles within the applications is pretty common. Provisior provides a platform to connect to your cloud applications and link your users to them, similar to AD group membership. This automatically provides the same insight to all who are responsible. Key advantages? No need for unnecessary AD groups and real-time insight.
I will provide different examples of connecting to SaaS applications in the near future. So please stay tuned 🙂