Simplifying SSO Provisioning Scenarios: Manual, SAML AD, and SCIM

This video aims to provide a detailed understanding of the different provisioning scenarios in Single Sign-On (SSO). The most common method is manual provisioning, where an IT administrator or a department head creates a user profile. However, this process presents challenges when users need to be offboarded, as they also need to be manually deleted, which can impact costs due to per-user fees.

SAML (Security Assertion Markup Language), though excellent for seamless access, doesn't offer much in terms of provisioning and de-provisioning. Auto-provisioning on first sign-on is a rare feature among SAML SSO applications.

In SAML AD, the application receives user data such as email, first name, last name, etc. Upon the user's first login, their profile gets provisioned. However, disabling their account in Azure AD won't impact the third-party web application, meaning the manual process of offboarding still needs to be followed.

The ideal solution is SCIM (System for Cross-domain Identity Management). With SCIM, users are created when they're assigned to a group or application, and when they are removed or deleted from Azure AD, the de-provisioning is also done in the third-party application. This approach is not common, but it's increasingly becoming the standard for provisioning web apps.
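The difference between the SAML-only and SCIM scenarios, seen from the application side, as an added example that is not from the video or from any vendor's code. The `AppUserStore` class, its method names, the use of `userName` as the lookup key (a real SCIM server assigns its own resource id) and the sample request body are assumptions made for illustration.

```python
# Added example: hypothetical application-side user store, kept in memory.
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class AppUserStore:
    def __init__(self):
        self.users = {}  # userName -> {"active": bool, "source": str}

    def saml_first_login(self, email):
        # SAML only: profile appears on first sign-on; nothing removes it later.
        self.users.setdefault(email, {"active": True, "source": "saml-jit"})

    def scim_create(self, body):
        # POST /Users, sent by the IdP when the user is assigned to the app.
        name = body["userName"]
        if name in self.users:
            return 409
        self.users[name] = {"active": _as_bool(body.get("active", True)), "source": "scim"}
        return 201

    def scim_patch(self, name, body):
        # PATCH /Users/{id}: apply "replace" operations that touch "active".
        if name not in self.users:
            return 404
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400
        for op in body.get("Operations", []):
            if str(op.get("op", "")).lower() != "replace":
                continue
            value = op.get("value")
            if op.get("path") == "active":
                self.users[name]["active"] = _as_bool(value)
            elif isinstance(value, dict) and "active" in value:
                self.users[name]["active"] = _as_bool(value["active"])
        return 200

    def scim_delete(self, name):
        # DELETE /Users/{id}: hard removal of the account.
        return 204 if self.users.pop(name, None) is not None else 404

    def can_sign_in(self, name):
        user = self.users.get(name)
        return bool(user and user["active"])

def _as_bool(value):
    # Some IdP clients send the boolean as the string "False"; accept both.
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

# Constructed sample request body for a disable operation.
DISABLE = {"schemas": [PATCH_SCHEMA],
           "Operations": [{"op": "Replace", "path": "active", "value": "False"}]}
```

A profile created through `saml_first_login` stays able to sign in until someone removes it by hand, while one created through `scim_create` is blocked as soon as the disable PATCH or the DELETE arrives.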

Remember, each method has its own advantages and challenges. Understanding your organizational needs and the capabilities of your identity provider can help choose the right approach for you.

#SSO #AzureAD #Provisioning #DeProvisioning #SAML #SCIM #SingleSignOn

Video "Simplifying SSO Provisioning Scenarios: Manual, SAML AD, and SCIM" from the Agile IT channel
Video information
August 3, 2023, 7:16:48
00:04:19