New Features Introduced in June 2024

Learn more about the new features introduced for the Cloud Identity Engine in June 2024.
The following table provides a snapshot of new features introduced for the Cloud Identity Engine app in June 2024. Refer to the Cloud Identity Engine documentation for more information on how to use the Cloud Identity Engine.
Simplified configuration for Azure Active Directory
The process for connecting an Azure Active Directory to the Cloud Identity Engine for user identification has been simplified. Previously you had to configure a SAML-based app for the Azure directory yourself, copy and paste several pieces of information between the Azure portal and the Cloud Identity Engine, and choose between the client credential flow and the auth code flow. Now you copy your directory ID, grant (consent to) the permissions the Cloud Identity Engine needs to read your directory, and Azure installs the gallery app for your directory automatically.
After that, you only need to select any additional information types (such as user risk information) that you want to collect from your Azure directory, decide whether to limit data collection to specific groups, and then test the connection to confirm that the Cloud Identity Engine can reach your Azure directory and collect the attributes it uses for user identification.
Because the gallery app is installed and consented in one step, there are fewer manual steps in which a misconfiguration can be introduced, and deployment of an Azure directory takes less time.
This change deprecates both the auth code flow and the previous version of the client credential flow. Palo Alto Networks recommends that you reconnect your Azure directory using the new client credential flow (CIE gallery app) method. Since the directory is granted application permissions during this step, review the consented permissions in Azure after reconnecting and remove any grants left over from the deprecated flows.
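The following script is an added example and is not part of the Cloud Identity Engine documentation or the gallery app. It audits, from the Azure side, what the gallery app's service principal was actually granted after you consent, which is the least-privilege check a practitioner would want before trusting a third-party directory reader. It assumes the Microsoft Graph PowerShell SDK is installed and that you substitute the gallery app's display name as shown under Enterprise applications (the `$AppDisplayName` placeholder is an assumption, not a documented value). The Microsoft Graph application ID `00000003-0000-0000-c000-000000000000` is the well-known ID of the Graph API itself.

```powershell
# Added example (not Palo Alto Networks code): list the permissions consented
# to the Cloud Identity Engine gallery app's service principal in Azure.
# Assumes the Microsoft.Graph PowerShell module; the display name below is a
# placeholder you must replace with the name shown in Enterprise applications.
param(
    [string]$AppDisplayName = 'REPLACE-WITH-GALLERY-APP-DISPLAY-NAME'
)

# Read-only scopes are enough to inspect service principals and grants.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All' | Out-Null

$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (-not $sp) { throw "No service principal named '$AppDisplayName' was found." }

# Application permissions (what a client credential flow uses) are recorded as
# app role assignments on the resource API's service principal, here Microsoft Graph.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleNames = @{}
foreach ($role in $graphSp.AppRoles) { $roleNames[$role.Id] = $role.Value }

Write-Host "Application permissions granted to '$($sp.DisplayName)' on Microsoft Graph:"
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    ForEach-Object {
        [pscustomobject]@{
            Permission = $roleNames[$_.AppRoleId]
            GrantedOn  = $_.CreatedDateTime
        }
    } | Format-Table -AutoSize

# Delegated permissions (granted on behalf of a signed-in user) are recorded as
# OAuth2 permission grants. After migrating to the gallery app, anything that
# still appears here is a leftover worth reviewing and removing.
Write-Host "Delegated permission grants for '$($sp.DisplayName)':"
Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id |
    ForEach-Object {
        [pscustomobject]@{
            Scopes      = $_.Scope
            ConsentType = $_.ConsentType
        }
    } | Format-Table -AutoSize
```

Compare the listed application permissions against the permissions the Cloud Identity Engine documentation says the gallery app requires; any extra grant, and any remaining delegated grant from the deprecated auth code flow, should be removed so the app holds only the directory read access it needs.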
Dynamic Privilege Access Support for the Cloud Identity Engine
For networks that manage traffic for IT and IT Enabled Services (ITES), giving users consistent access to the network resources they need while still enforcing a least privilege access policy can be difficult to deploy and time-consuming to maintain, especially as the number of users grows. To allow access to resources on a per-project basis, the Cloud Identity Engine now supports Dynamic Privilege Access, a compartmentalized access model in which users can reach only the resources required for their assigned project.
When you enable Dynamic Privilege Access for the Cloud Identity Engine, a user selects a profile and a project, completes authentication, and then receives access under project-specific settings that isolate that project's network resources. Access is scoped to the selected project, which limits lateral movement to resources belonging to other projects and helps companies remain in compliance with contracts and regulations that require customer data to be segregated.
Dynamic Privilege Access also gives users better visibility into which resources they can access. When a user logs in, all assigned profiles and projects are displayed, and the user chooses which profile to use and which project to access. A user can be assigned to multiple customer projects, but access is restricted to one project at a time.
Enabling Dynamic Privilege Access helps protect critical network resources from unauthorized access while maintaining productivity, because users still reach the resources they need to complete their work.