How to automate SaaS rights assignment and revocation with directory synchronization

Introduction

The number of SaaS operations conducted in anticipation to the number of SaaS. Since users and licenses are managed for each SaaS, SaaS operations are bound to increase as the number of SaaS contracts. If pops revoke the rights of retirees such as Notion, Slack, and Zira, it will actually be considered in each SaaS.

To sync users from a directory to a POPs organization, you must first add a directory to the organization. In this article, I will explain how to integrate Active Directory.

‍

Inactive Active Directory

1. A memorable work

Before adding an LDAP directory to an organization, the following tasks must be discussed:

(1) Dissolve the firewall

The firewall must be disabled so that POPs can access the LDAP server. If the firewall is opened so that the following IPs can access the 389 (LDAP) and 636 (LDAPS) ports, POPs can communicate with the server and manage sensitive information.

- 13.124.200.100

- 13.209.184.88

(2) Manager DN preparation

Prepare the DN of the administrator account to be used to authenticate the server to which you want to connect. You can use an existing account, but we are creating a separate account to use for the POPs directory.

2. Add directory > enter information

When the completed tasks are completed, click the [Add Directory] button in the directory list and select the [LDAP] button to move to the information input screen. On the information input screen, basic information and server information must be considered in order to link with a server in an existing directory.

(1) Basic information

Basic information is used to separate directories within an organization.

- Directory name*

- Directory description

- Password change URL

(2) Server information

The following server information is required to actually connect to the server and related information.

- Host*

- Port*

- Base DN*

- Manager DN*

- Manager Password*

After completing all required fields (*) of basic information and server information, click the [Test Connection] button. In order to move on to the next step, the server must be integrated through a connection test. If the connection test is successful, click Next to move to the next step.

3. Add directory > Filter settings

(1) Filter settings

A filter must be set to specify the list of users to be imported from the server. The following information must be considered in order to set filters. Filters cannot be modified after the directory has been added.

- Search Base*

- User Search Filter*

(2) Filter testing

After considering all required items (*) for filter settings, click the [Test Filter] button. In the filter test, can you find out the number of users queried through the interesting filter information. If the intended filter information is different from the number of users to be queried, check that the filter information corrected is correct and try again. If the filter test is successful, click Next to move to the next step.

4. Add directory > Link attributes

(1) Link required attributes

Map directory attributes to fields in the organization. Fields that are managed as required by an organization must be mapped to an attribute in the directory. The fields managed as required by the organization are the organization's default fields and custom fields, which have been considered as required by the administrator. Mappings can be modified at any time, even after the directory has been added.

(2) Preview properties

The mapped attributes can be used to test what values are being considered from the directory. After selecting the username of the directory user in the attribute preview input box, click the [Preview] button to import and display the mapped value based on the user information.

5. Directory addition completed

Once you have connected the attributes, you can finalize adding the directory by adding the [Add Directory] button.

‍

Automate the assignment and revocation of SaaS permissions

SaaS management requires synchronization by synchronizing users after directory integration. After authenticating to the SaaS API in the POPs admin, view the list of users in that SaaS. With linked SaaS, user permissions can be set in the POPs admin, and the settings are applied to the relevant SaaS. In other words, POPs can manage users of each SaaS such as Slack, Zira, and Asana in one place.

‍

If you manage multiple SaaS with a single platform, routine tasks will be automated, processing time will be efficient, and employees will be able to focus on more important tasks. Megazone Cloud has also reduced onboarding time for new hires by hired and quickly upgraded SaaS rights to new hires through POPs.