[MUSIC PLAYING] Hello. My name is Solenne. I've been a solution engineer at One Identity for over a year now, and I've been working in the IT business for the past seven years. I used to be a technical support engineer for companies like HP and Citrix. And now, I'm providing demo around a OneLogin solution to customers that needs to set up an access management solution in their environment.
Today, I will tell you about the great integration we can achieve between Active Roles and OneLogin. Active Roles and OneLogin are a natural fit since they both work with Active Directory. Active Roles is a great management tool for AD and Azure AD administration. It will help you simplify administration and account lifecycle management, and it will regulate admin access by providing delegated permission to specific user.
For example, you want to give access to your help desk user to the account and lock functionality , but they don't need to have access to the whole AD. For your HR team, you want to make sure they can create user in your Active Directory, they can remove user from Active Directory, they can change their job title and department, in case someone is changing job inside the company. But they don't need to have access to anything else.
So Active Roles will really help you, ensuring AD data integrity and compliance by providing the right permission to the right people. We can also extend manageability beyond Windows devices to a digital environment, including Unix, Linux, Mac OS and SaaS application. OneLogin, on the other hand, is a cloud access management solution that will provide an SSL portal for all your application and secure access using various MFA.
Using a role-based access control model, OneLogin ensures that your users only have access to the application they need and nothing more. By using your [? vigilance ?] AI running in the background, OneLogin can perform a risk-based assessment thanks to our SmartFactor model. For every single connection to the portal or to an application, a risk score is calculated based on more than 60 different factors. And using that risk score, we can then adapt MFA or change the security policy applied to a specific user.
Finally, we can ease the lifecycle management process by automating lots of tasks for onboarding and offboarding of users. The benefits of those two solutions working together are as follows. Integrating Active Roles with OneLogin will increase efficiency and productivity of your users. Whether they are your normal employee or your IT department, HR employees, everyone will find this integration helping on all those day-to-day tasks.
Active Roles will help you adopt a least-privilege model by strengthening overall security and enforcing your Zero Trust security framework. Using role-based access control and the real-time synchronization OneLogin has with AD, we will ensure that users and administrators have only the right access to the right resource and nothing more. This slide will show you a simplified architecture of the integration of those two products together.
Active Roles is connected to AD and will help you manage AD. You can create user. You can remove user. You can delegate permission. Then, using a connector installed on a domain [? joint ?] server, OneLogin will have a direct connection and a real-time synchronization with AD. Meaning every time a user is created, updated, or removed from AD, OneLogin will be aware of this information and will be able to adapt the application assigned to that user thanks to mappings that automate all the processes.
Now, let me show you some technical demos of what we can do with this integration. The first one concerns the onboarding of users through Active Roles into Active Directory. Due to time constraint, I won't be able to show you the onboarding process, but you will see that the logic is the same. Thanks to the real-time sync, when we onboard a user into Active Directory, the user will be available in OneLogin.
The same logic applies for onboarding. When the user is deleted from Active Directory, the access is revoked, and the user is deleted from OneLogin, as well. Let me show you. Let's have a look at a real example of onboarding a user through Active Roles. Here, as you can see on the top-right corner of my screen, I'm logged in as a help desk user, meaning I have access to a new user form to onboard a new user.
I simply have to fill in the basic information, like first name, last name. Email address would be populated automatically. Then, I need to make sure I set the new user to the right department and I assign the right job title because, remember, OneLogin uses a role-based access control model, and the department and job title will directly affect the application this new user would be assigned. And finally, I need to set the right user location that will directly affect the security policy assigned to that user. As a remote user, you won't have the same security rules as an office user.
I can manually add an application. This is completely optional, as most of the applications are assigned to the role. And, finally, I'm going to set a password. We can generate one and ask the user to change it on first login. But for demo purposes, we need to know the password to log in as Tom at a later stage. That's it. My new user, Tom, has been created into Active Roles.
If we open Active Directory and refresh, we should see a new user has been created into the Germany OU. Tom is here. We have the basic attributes synchronized-- first name, last name, email address, job title, and department. And if we have a look at the group he's a member of, we can see he's now part of the Google group, meaning he will be assigned the application, Google.
Thanks to the real