- Federation is not a replacement for provisioning - Working with cloud applications means more authentication sources: Active Directory in one's own corporate network, plus one or more authentication sources in the cloud, for example AD, an LDAP directory or a database. There are only a few possibilities for synchronizing user accounts between both authentication sources, such as AD Federation Services from Microsoft and the SAML standard. With these, end users can log in transparently to the cloud applications. However, federation is not a replacement for provisioning and basic user account management.
- Too many manual actions - Providers who do not support federation frequently offer a browser-based interface that managers can use to control access to the cloud application directly. This necessitates a sequence of manual operations and is time-consuming and error-prone. Even when it is possible to import a basic CSV file into the cloud application, it still requires manual intervention by the application manager.
- Different conventions for naming and passwords - Conventions governing naming standards and passwords are often inconsistent between network and cloud applications. In the network, a user ID might be based on the log-in name, and in the cloud it might be the e-mail address. This complicates exchanging user account details between the environments, and many times, differences also apply to password conventions. When extremely complex passwords are required in the corporate network, cloud applications might not be able to handle this type of password. The possibility also exists that the cloud application requires a different duration for password expiration than within the corporate network.
- Missing organizational structure - The reporting hierarchy structure within an organization is often utilized to assign authorizations to employees based on their role or position, commonly referred to as Role Based Access Control (RBAC). Within the corporate network this structure is contained in an HR system or within Active Directory. Cloud applications normally cannot translate this organizational structure, and the web based provisioning functionality they offer does not offer a robust method for incorporating this level of detail. Naturally, it is possible to transfer the entire organizational structure to the cloud application, but this requires an enormous volume of management activity when something in the hierarchy changes.
- What if the connection drops? - Providers who offer links between the network and cloud applications often use event-based synchronization between the systems. However, they do not have a procedure in place to deal with a temporary drop in the connection. Cloud applications do not provide any guarantee or notification that synchronization completed successfully.
- Rejected bulk actions - Bulk actions are occasionally rejected by the cloud application. Some cloud applications impose restrictions on the number of actions that can be carried out in one pass, or require that no management activities are undertaken during working hours to prevent overloads on their network.
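The connection-drop, naming-convention and bulk-limit problems above can be handled together by reconciling state instead of trusting events alone. This is an added example, not code from the original post or from Tools4ever; `plan`, `run`, `FlakyCloud`, `BATCH_LIMIT` and the sample accounts are all constructed for illustration.

```python
from dataclasses import dataclass, field

BATCH_LIMIT = 2  # assumed per-call cap imposed by the cloud application

def plan(directory, cloud):
    """Diff desired state (directory, keyed by login) against cloud (keyed by e-mail)."""
    desired = {u["email"].lower(): u["enabled"] for u in directory.values()}
    actions = []
    for email, enabled in cloud.items():
        if enabled and not desired.get(email, False):
            actions.append(("disable", email))  # leaver or orphan: revoke first
    for email, enabled in desired.items():
        if enabled and email not in cloud:
            actions.append(("create", email))
        elif enabled and not cloud[email]:
            actions.append(("enable", email))
    return actions

@dataclass
class FlakyCloud:
    """Constructed stand-in for a cloud admin API that drops chosen calls."""
    accounts: dict
    fail_on_calls: set = field(default_factory=set)
    calls: int = 0

    def apply_batch(self, batch):
        self.calls += 1
        if self.calls in self.fail_on_calls:
            raise ConnectionError("link dropped")
        for op, email in batch:
            self.accounts[email] = op != "disable"

def run(directory, cloud_api):
    """One pass; returns the actions that could not be confirmed."""
    actions = plan(directory, cloud_api.accounts)
    for i in range(0, len(actions), BATCH_LIMIT):
        try:
            cloud_api.apply_batch(actions[i:i + BATCH_LIMIT])
        except ConnectionError:
            return actions[i:]  # nothing is assumed applied; next pass re-plans
    return []

# Constructed sample data: bob has left, x@example.com exists only in the cloud.
DIRECTORY = {"alice": {"email": "a@example.com", "enabled": True},
             "bob": {"email": "b@example.com", "enabled": False},
             "carol": {"email": "c@example.com", "enabled": True}}
CLOUD = {"a@example.com": True, "b@example.com": True, "x@example.com": True}

if __name__ == "__main__":
    api = FlakyCloud(dict(CLOUD), fail_on_calls={2})
    print(run(DIRECTORY, api), run(DIRECTORY, api))
```

Because each pass re-plans from the current state of both sides, a dropped batch is retried on the next pass without a separate event log, and disable actions are always sent before creates.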
Tools4ever acknowledged that the migration of applications to the cloud would bring new challenges in the field of user and account management. With this in mind, Tools4ever developed links (connectors) that offer the following functionality:
- Password synchronization. If a password is changed in Active Directory, this change will be automatically implemented (synchronized) in the cloud application;
- Auto provisioning of user accounts. Linked to UMRA's proprietary user account management process, this ensures synchronization of user accounts for employees through the HR system, as well as any changes made by the helpdesk, managers and even end users. User accounts are created, modified, enabled, disabled, removed and so on in a completely automated way;
- Integrated access management from the end users to the cloud application. Access to various components of the cloud application is assigned/revoked on the basis of the end user's organizational role. UMRA features an advanced RBAC module that controls access to the cloud application on the basis of the department/job title in the HR system, as well as the choices that managers have made for their employees;
- A centralized dashboard that provides IT managers with an overview of the cloud applications deployed by each user. The dashboard can be used to control the license costs as well as for logging and reporting purposes;
- Single Sign On for all cloud and web applications based on existing Active Directory credentials. This means that users are no longer required to remember a host of user names and passwords.
I like this blog. I'm really glad I have found this information.
I am pleased to find this opportunity to read worth-reading information. It helps a lot of viewers to know more about cloud applications. :)