Bridge the gap between HR IT and business with the Azure Active Directory identity | BRK3267


Good morning, thank you for being here. I am Nitika Gupta, senior program manager in the Microsoft identity division, focusing on provisioning.

And I'm Chetan Desai, senior program manager focusing on identity provisioning, specifically on HR integrations.

Chetan and I wanted to learn a little bit about our audience, so we want to know why you're here today. Are you here because the title sounded interesting? Not. Okay, good job, very much, yeah. Are you here because you heard about the Azure AD Connect cloud provisioning announcement from either Joy or Alex? A few of you. How about the HR integration announcements? Few. And lastly, are you interested in the roadmap of provisioning and what Azure AD can do? Awesome. So first and last; it's not because you heard news. The second question we had was, we want to understand how many of you work closely with HR on your day-to-day job. Okay, lots, so the demos Chetan is gonna show you, it's going to be awesome. How many of you are in the IT team focusing on identity? Everybody. Good. How many of you are in the business team, you want to use the apps but IT comes in the way, and this title had the word business so you came here? No. Expected. Cool.

Okay. With that we'll continue the interactions that we had in terms of show of hands. So let's take a look at some of the trends that we see are disrupting today how HR, IT and business work together. I think each one of us in the room is probably touched by these trends at some point or the other. So let's first talk about cloud HR. A quick show of hands here: how many of you are in the midst of moving to cloud HR or already using cloud HR? That's great, and you're not alone, because as per the Gartner study, by 2025 we are going to see 60% of large and mid-segment customers moving to a cloud HR solution. And then moving to the next point, that's on M&A: how many of you have been part of M&A or divestitures? That's great. Again, you're not alone on the board here; we see a lot of customers telling us about the problems related to M&A and how they would like solutions from Azure AD in that space. And finally, this is not a show of hands, but we all know that shadow IT is dominant. Here a line-of-business application user who has a credit card can procure a cloud web service, a cloud application that he would like to use, and IT will not have any knowledge of it.

Okay, so with that let's go to the next slide and talk about the HR, IT and business personas that are specifically impacted by this trend. So if I wear the hat of an HR manager, then for me the move to cloud HR is really promising because I don't have to deal with on-prem HR systems, and there's a lot of efficiency that cloud brings with it. What about IT admins? As an IT admin I'm tired of writing custom solutions. I want to be able to deliver on the needs of my HR teams and business, so I want to modernize. I want a solution which lets me quickly respond to my HR and business needs. I want a solution that's fast, that's scalable, extensible, and can be governed. Yep. And then finally, as a business manager, I mean, granted that I have got a cloud app, but I don't want to be in the business of shadow IT because I am not an expert at security or identity governance. I would like to leave that to the IT team.

Okay. So with that let's take a look at how Azure AD can help you. Yep, Azure AD can help you bridge the gap between HR, IT and business. We'll show you a bunch of demos throughout the presentation to show how we can help you simply integrate with the cloud HR applications like Workday and also bring identities from disconnected AD forests to Azure AD. Once all these identities are in Azure AD, we can provision these out to all the applications that you need to get work done.

Okay. So first we'll take a look at why and how Azure AD is different from traditional IDM systems that you have been deploying on-prem. So personally I have been working as a consultant in the IDM space for the last 15 years, and as a consultant have been involved in a lot of these deployment patterns that you see here, where you have an identity manager solution. It could be Microsoft Identity Manager, or it could be Oracle, it could be SailPoint. This identity manager solution is provisioning to your LDAP directories, databases, also integrating with your service ticket, service desk, and giving access to line-of-business applications for your employees and contractors. And while doing that, we see a trend of high maintenance costs associated with this solution: the high operational cost of running these servers on-premises, writing custom scripts and connectors to plug in to each of these systems. And because the standard adoption has been very low when it comes to on-prem IDM systems, you have to build a proprietary connector for each system, and that
can eat into your maintenance costs after a connector has been written by a system integrator or consultant and they leave. And finally, it's not built for the cloud scale, so not able to respond to your growing cloud business apps.

It doesn't stop here. I think some of the horror stories that I have seen on the ground is, especially when it comes to HR integration, I've seen where one change in the HR system can lead to a deluge of transactions downstream to your identity manager. For example, I know of a company that changed office location for around 3000 users who moved from one location to the other, and when that one change was done in the HR system, it triggered that many update transactions downstream to that identity manager, and it just went down; it could not handle that load. Okay, well, that's still okay, but there are also scenarios where in turn the HR team did some change that caused accidental termination of users, which is very difficult and embarrassing to recover from.

Okay. So as I was saying earlier, Azure AD is one platform which can help you with all your provisioning needs. On the HR side we have pre-integrated connectors for Workday and SuccessFactors. What this means from your perspective is the time to integration goes down from months to days, and then you don't have to maintain that infrastructure or the custom script or solution you wrote. On the directory side we have Azure AD Connect sync and cloud provisioning, which can sync identities from AD, including the disconnected forests, and also sync identities from generic LDAP. Lastly, you want to get all these users in the applications, so we have out-of-the-box integration with over 100 cloud applications, and we give you the ability to bring your own application using the SCIM open standard as well. So at the end, the time to productivity for the end user really goes down from, like, hours trying to get an account, trying to get access to the app, to minutes, and from an IT perspective you have a platform that's secure and governable that you can leverage.

Okay. It's great. So with that let's deep dive into the Azure AD provisioning capabilities.

So let's first start with HR systems. You never want to miss an identity event that's coming from your HR system, and how do you do that? Let's see what one of our customers did in this space. So this is a large online fashion retailer. They embarked on the journey of HR transformation around two years ago when they decided to use Workday as their cloud HR platform, and not only that, they also invested in a lot of cloud applications and decided to use Azure AD as the provisioning tool that glues all of this together. And this is what the customer had to say: that they're able to sleep a little better at night and, as you see on this slide, probably also go home a little bit earlier. So with that, let's see what this involves, the HR-driven identity management lifecycle. So we here are specifically talking about scenarios called joiner, mover and leaver scenarios. That is, we want to cover the entire lifecycle, right from new hire and all the nuances associated with new hire provisioning, such as you want to generate a unique ID for them, you want to make sure that when you create that account in AD they get a unique UPN, you want to auto-detect duplicates and avoid collisions, you want to create them in the correct OU within Active Directory. And then when there is a change, a manager change, a department change, you want to make sure that change flows into on-prem AD and also into your Azure AD. And finally,
when the termination takes place or when they resign, you want to make sure all access gets disabled on their last working day. Okay. So let's take a look at how this is done, and I'm super excited today to share with you the preview of the SuccessFactors integration rollout that's going to release this month.

Okay. So with that, thank you, Nitika, for switching the screen. So what you see here is the SuccessFactors admin console, and here, as HR manager, I have onboarded a new hire called Joshua Ness, and he came in yesterday. As you see here, this is his personal information. Let's go to his employment information: he's hired as a customer service agent and he works in the shared services department. And if we scroll down you can see his manager information, pay grade, etc. Now, as an HR manager, again, I want to make sure that IT gets access to this information, and I don't have to be in the business of generating flat file feeds so that IT can consume this information. So let's see how IT can use Azure AD to do this.

So what we are providing now in the Azure AD portal is an application called SuccessFactors to Azure AD User Provisioning. You can instantiate this from the gallery, and once you go to the provisioning tab, you turn on the automatic provisioning mode and provide credentials to connect to your SuccessFactors instance. And the next step is where you configure your mappings. So let's take a look at how this works.

So here in the mappings, this allows me to select every attribute from SuccessFactors and map it to a corresponding Azure AD attribute. Also, it allows me to apply transformations like the one you see here, where I'm doing a concatenation of first name and last name. Further, I can also select a specific user population. So let's say as HR I don't want to bring all users from SuccessFactors into Azure AD; maybe it's a merger, acquisition or a divestiture scenario where I want to limit the scope. I can add a scoping filter; like here I have said that I want to only get users belonging to the shared services department. Okay, so once I have configured this, I go back to the provisioning page and turn on the provisioning. Okay, when this turns on you will see a progress bar that shows you all the users that have been processed, and we can see here if Joshua Ness now shows up in our provisioning logs. So I'm going to switch here to our provisioning logs.

Okay. And in these provisioning logs you see there is an entry for Joshua Ness: that we were able to import this user from SuccessFactors, we determined if the user is in scope, they needed a match, and then finally provisioned the user into Azure AD. You can also see all the attributes that we pulled from SuccessFactors. So we got the street address, postal code, company, his job title, etc. How does this look? Thank you. So we will take questions towards the end.

Okay. So that's how we got the new hire in. We can also take a look at Josh's profile in Azure AD, and here you see all his information; even the manager relationship has come in to Azure AD. You can extend this with the help of dynamic groups. You can assign customer service agents a specific group; like here we have assigned customer service agents to the customer service associate group, which among other things also gives them group-based licensing to Azure AD P1 in this case. Okay. So that's how we can extend this.

And then finally, also, we provide the capability of writeback. So we realize that HR is not the authoritative source for attributes like email address or phone number, so this may be generated by other systems and you want to flow them into SuccessFactors; we also provide that capability. Okay, and finally, the most important scenario, which allowed our customer to sleep better at night: that's the disable scenario. So we did a disable, termination transaction in SuccessFactors for Neil Flores. So you would see there's an update here coming in for Neil Flores, where the account enabled attribute was switched from true to false. What happens here is that the account for Neil Flores then gets disabled in Azure AD, and you would see here that sign-ins are blocked for this user. Okay. You can also configure rules here to soft delete the user if you want. Okay. So with that, yeah, end the demo of SuccessFactors; let's go to the next slide.

Great. Thank you, Chetan, thanks for the amazing demos. So in the next section we're going to talk about how you can provision identities from on-prem to Azure AD. We
are gonna have some customer stories that we would like to share in this section, so I would like to invite Tom Sawyer from SMBC.

Good morning everyone. I'm Tom Slayer, vice-president of cloud architecture for Sumitomo Mitsui Banking Corporation, otherwise known as SMBC. We were Microsoft's first cloud provisioning customer in production. Let me kind of walk you through how we got here.

We started with a pretty typical hybrid identity deployment. We had identities in AD and Azure AD synced together as a single identity for a single plan of management in the cloud, and that's a pretty typical scenario. Show of hands, how many people are using AADC, Azure Active Directory Connect? Good. Knows what that is. Pretty typical; that works great for most of our user scenarios.

Where things got complicated for us is that we have a number of subsidiary organizations. Those subsidiaries are part of SMBC from an organizational perspective, but from an IT perspective they're effectively isolated companies. And why that was difficult is we didn't have network connectivity to them. So while you have AADC and you can connect all your forests anywhere within your LAN or WAN, once we started moving to these disconnected forest scenarios we didn't have any good way of reaching out to those forests and bringing their identities from their ADs, their forests, up into our AAD.

So why was that bad? Our people are all part of the same larger organization in SMBC, but because we had these disconnected subsidiaries, those users couldn't find users from the parent organization in Outlook, they couldn't chat on Teams, they couldn't collaborate back and forth on files. And so what usually wound up happening is, instead of being able to, you know, launch SharePoint and work together, they would jump back to email, and everybody knows sending large files back and forth over email, we'd start getting complaints: files are getting blocked, how can we do this better, what other scenarios. They'd start going to third-party services, and now you have shadow IT and all of that creep that you want to really try to avoid by having everybody in the same cloud. So it wasn't very productive for them. We had some workarounds they were able to go to: they could come into our environment through a virtual desktop and they could open a browser in our environment and our virtual desktop and then get to the SharePoint sites and stuff they wanted to access. But the problem was that they still couldn't save those files back to their own environments, and so ultimately they took those files and they wound up going back to email again. But what really started to drive the urgency for us to get these users into the cloud was that one of our subsidiaries had an on-prem Exchange environment that was expiring at the end of 2019, and so there was quite a bit of urgency to get those users up to the cloud and get those users to the cloud quickly.

So because they were isolated, we started thinking, well, how are we going to do this? There's no tool that exists. We all know AADC is only gonna work from one main forest up to one tenant; that's the relationship and that was it. So we came up with Plan B, and Plan B was we make a custom tool. We have each one of these subsidiaries create their own AADCs and basically their own kind of shadow Azure Active Directories so they could write their user objects up to that, and then we would go and use a PowerShell tool to query those directories, bring those users down into a shadow forest within our own local AD, and then write those identities up to our tenant. So kind of a very complex process, and just the way it sounds to describe, it was too complex. We were afraid: one, it was a lot of manual work because we had to write all these scripts, we had to maintain now multiple AADCs in all these different sites, and it was just, there was too much opportunity for things to go wrong. When you're talking about identities you really don't want to have people suddenly disappear from the cloud, because they're not gonna be too happy about it. So before I get into what Azure AD cloud provisioning got for us, I'll
say for a moment, when we first found out about this we were actually on a business trip to our corporate office in Tokyo, and we were meeting with our Microsoft team there and we were discussing what the scenario was, and they said, hey, guess what, we happen to have a private preview program for this new thing called Azure AD Connect cloud provisioning. We said, what, that sounds interesting. That was the third week in September. Two weeks later, after finding out about the preview program and working with Nitika very closely, we actually had this deployed in production for the subsidiary that had the expiring Exchange environment. So extremely, extremely easy to deploy.

Basically what it is, is it's a lightweight agent that goes within your environment, a single server or multi-server so you can get HA within the disconnected forests. It's based on the Azure App Proxy technology, so really what's happening is you have just a very simple lightweight agent that you install in the remote site, and then all of your traditional Azure AD Connect logic actually runs in Azure. And so it's able to query down to the agent, and the agent is really just passing that query back into your local AD, grabbing all those user objects and then syncing those objects up to your tenant. So you go from one nice little disconnected site and a whole bunch of old complex scripts to now a nice, simple agent that you have deployed and all of those identities flowing up into Azure AD. So what does that get us? That gets us our single plan of management in Azure AD. We had one spot for all organization, not just our main tenant, but all of our subsidiary orgs; all those identities are in Azure AD. So we get that single plan of management, and now all those users that were having difficulty collaborating now can all access the same SharePoint Online, can all be in Teams, can all work together. So whereas it was very difficult for us as an org, we can now work great together as one single organization.

Thank you, Tom.

So in case of SMBC, they had disconnected forests but they hadn't gone down the path of consolidating those disconnected forests into a single intermediate AD. I'm working with another customer who's not with us here, but I wanted to share their scenario, where they have created an intermediate forest. This is what their architecture looks like. So they have multiple disconnected ADs and they have an intermediate AD forest. They are using all sorts of mechanisms, in some cases scripts, in some cases Microsoft Identity Manager, to bring those identities into the AD. Now once those identities are in the intermediate AD, they are bringing those to Azure AD using Azure AD Connect sync. But this approach has some challenges. From an IT perspective, they had to go down the path of consolidating all the identities in this intermediate AD forest; that is a big effort by itself. The second challenge is that they now have to maintain identities in two different forests. They have the overhead of having to maintain this intermediate AD forest. Lastly, they are not able to fully leverage Azure AD capabilities like self-service password reset, like hybrid Azure AD join. From an end user perspective, this gives them a broken single sign-on experience when they go from on-prem apps to cloud apps, because they are different forests and identities.

This is where they would like to get to. So in the future state, they have these disconnected AD forests; they want to use Azure AD Connect cloud provisioning to sync those forests directly to Azure AD, completely get rid of the intermediate AD forest. This, as I said, will help them reduce costs.
No longer need to maintain the intermediate AD, and they can start using SSPR, self-service password reset, hybrid Azure AD join and Windows Hello for Business, all the capabilities in Azure AD that you might be hearing about this week. From an end-user perspective, the user gets single sign-on across all the cloud and on-premise. So we have started this deployment with the customer already, and hopefully we can share more of their deployment details in the next session.

With that, I want to quickly walk you through the Azure AD Connect cloud provisioning setup. As Tom was saying, the first thing you need to do is to install a lightweight agent. This agent is based on the existing App Proxy technology that you might be familiar with. The agent requires entering your user ID credentials and then your AD credentials, and here you can configure multiple AD domains with the agent as well. Next, you confirm. Once you confirm, it takes up to two minutes to register the agent with our cloud service and make sure it's ready for provisioning.

Once the agent is configured, you go to the Azure portal to configure provisioning. This new option on the top is for cloud provisioning. I'll show you how to create a new configuration here. So in my setup I only had one domain, so the domain was pre-populated for me in this experience, but if you have multiple domains configured with the agent you can simply select that from the drop-down. You can further scope who gets provisioned using Active Directory groups or organization units. You can define multiple of the groups, multiple of the organization units.

By default we enable password hash sync, but you could just uncheck the box if that's not acceptable for your organization. Then you have the notification email. We highly recommend you configure this, so if provisioning for some reason is not running because we can't connect to the agent, we'll send you an email notification to go investigate further. And lastly, you can enable this. Once enabled, we will run provisioning every two minutes. So we'll provision not just the password hashes every two minutes, but also the users and group changes will be provisioned every two minutes to Azure AD. This is a big change from what we do in Azure AD Connect sync, where we by default run the cycle every 30 minutes.

I want to call out a few more options on the screen. So you have an option to review all the agents on the top, where you can see if the agents are active. You also have the option to go to the logs. So these are the same logs that Chetan was showing you earlier, the provisioning logs. These provisioning logs apply to all provisioning scenarios; it's all a single platform, whether it be HR or AD to Azure AD or even provisioning to SaaS apps.

Once you have this all configured, you can verify that the users from this new domain that you configured are now in Azure AD. So in this case, users from the. Adatom. Finance, comm, are now in Azure AD.

So this is the classic slide that you have seen throughout this week. So we can support disconnected AD forests. We are moving the sync complexity and heavy lifting all to the cloud, so you don't have to worry about managing a big sync server or the complexity.

I want to go into the next level of details about what features we are supporting in our public preview. So the first thing is going to be users and group provisioning with password hash sync. All customers will have Azure AD Connect sync, so we are supporting coexistence with Azure AD Connect sync, so you can run both sync and cloud provisioning within the same tenant. You can pilot with AD groups, so you can start off with only a small set of users that are using cloud provisioning and slowly scale it up using organization units. And then you can run multiple of these agents for high availability. We recommend running three provisioning agents, making sure that your password hashes are always getting to Azure AD; there isn't ever a time where a user changes their password on-prem and the sync server is down and the user password hashes are not getting updated in Azure AD.

From an operational perspective, we have provisioning logs that you saw earlier. We also are adding another option for on-demand provisioning. So this is really cool from a setup perspective: when you're configuring provisioning, you can test it for a single user, for your account or a test account, making sure the configuration is as expected before you enable it further. It's also handy from a troubleshooting perspective, where if a user is saying, hey, I'm not able to sign in or my account is not provisioned, you can try testing for this user and see what's going wrong in their configuration.

Next, Chetan is gonna show us cool demos of how you can use Azure Monitor workbooks for provisioning; those will be supported for AD to Azure AD as well. All the agents are auto-upgraded, so you don't have to worry about the different agent versions, testing them in your test environment and then pushing the update down to your production environment. We'll take care of the upgrade of the agents for you.

Lastly, this feature becomes really important in a disconnected forest environment, where the IT managing the forest might be different from you, right, and you might want to delegate the setup of the agent to that IT team. So we are introducing a new role called the hybrid admin role, which allows you to set up the agent as well as provisioning, so you can delegate setting up cloud provisioning to your disconnected AD forest admins.

From an authentication perspective, we support password hash sync as well as federation, and we'll have support for seamless single sign-on as well. Lastly, I want to call out some advanced options. We support attribute transformation. This is the same as what Chetan showed earlier, where you can transform maybe the display name to be a combination of your first name, last name. So you can do all that transformation using our Microsoft Graph APIs, which again we'll show later in the session as well. All this will be available by the end of this month in public preview.

That's great. And just to build on top of what Nitika mentioned, the agent that we are using for the Azure AD Connect provisioning, that's the same agent that is used for HR to on-prem AD provisioning, so it supports both capabilities. So we are not asking you to install multiple agents and get into the agent hell, you know; we don't want you to go there. Okay, so with that, what we saw so far was, we took a look at how you can bridge that gap with HR with cloud HR integrations. Then we also saw how you can simplify your life with M&As and deal with the changes that come through that. Next, we will take a look at how the cloud-scale app provisioning addresses the problem of shadow IT. So if you are a line-of-business manager and you have an application that you have procured, you can ask your IT team to go into the Azure AD portal and look for that application, and in most of the cases you will find that app in our Azure AD portal, because we have grown our app ecosystem rapidly. Over the last one year, you have seen a 4x increase in the number of pre-integrated apps. There are 20 million configured users today going through the Azure AD provisioning pipeline, and we are really pushing the envelope on the SCIM innovation by making sure that ISVs and also customers are investing in SCIM.

Okay. So these are the customers today, these are the ISVs who are using the SCIM-driven integration with Azure AD. So SCIM is a standards-based protocol for exchange of information across clouds, and it enables the automated user lifecycle management. I think the biggest thing is it takes away the time that you require, decreases the time for integration. So if you do not see an application that you are using in the gallery, please let us know; we would love to add that to our gallery and increase the number of apps available as pre-integrated apps.

Okay. But we also realize, again, we're talking about bridging the gap between business, IT and HR, and in some cases provisioning is also a joint or a shared responsibility, because IT cannot handle everything that business wants. Okay, and that's why we don't want your businesses to be overly dependent on IT for some of the provisioning tasks. So for example, let's take a scenario where you're using Workday and there is a new hire in Workday, and when the new hire joins, you want the person from the ServiceNow team, Alice, she wants to give them a PC, or Carol wants to add them to the right Teams channel, or Bob wants to assign tickets in Zendesk. These operations can be delegated to the line-of-business managers now. So if there's a developer in that line-of-business department and they would like to tap into the AD events that we are getting from HR, he can do so. Okay, so let's take a look at how that's done. Going to switch to demo screen.

So here we are going through a case where, let's say, your help desk admin wants to run a scheduled job where he wants to see all the new hires that are coming in, and if they belong to the IT help desk support department, he would like to assign them to a Zendesk group and a Teams channel. Okay, and there's no need that IT needs to be in the picture for this to take place.

So what you see here is Power Automate, previously called Microsoft Flow. So now the line-of-business manager can engage a developer to tap into the provisioning logs Graph API. So what this is, let me walk you through this. So I'm going to go into Postman, where I have a call for getting all successful hires. So in this, what the developer would do is retrieve an access token using an endpoint called the OAuth2 token, and then use that token to query for the list of all successful new hires that have come in from SuccessFactors since yesterday. Okay, and you can change this and parameterize this operation, and use this same query within Microsoft Flow. Okay, so I have put the same filter in Flow, and there are advanced options where you can configure how you can authenticate, so all that is baked into Flow. So it's really a low-code platform; as long as your developer is familiar and comfortable with using the REST API paradigms, you can use this mechanism to integrate. So now that I have the list of new hires, I can parse that. So Flow auto-generates the schema associated; once you give the JSON schema it will parse the body and extract the values, and these are now available as dynamic variables within Flow, which you can use in the next step. So for example, I process each value; so this is a loop that will process every value and add the user to the Zendesk support group. Again, this is using the Azure AD group connector in Flow. And then post a message on the Teams channel that, hey, welcome to the team. Okay, and here we are using a variable that was auto-generated by Flow.

Okay. So that's how you can extend provisioning. So this is just empowering developers to do more with Azure AD.

Okay. Cool, what about the workbooks, Chetan? Yeah, that's a great point. So
Now we have solved the problem of developers and gave them tools to work with Azure AD. Let's take a look from an operations standpoint. Now your IT admins are interested in knowing, okay, so I have all these provisioning jobs running, how do I know how many read operations happened from the source system, how many identities were imported, how many were exported? So we are now providing you the provisioning cycles workbook, which allows you to get a report, on a per-app basis, of how many times that provisioning job ran, how many identities were imported during that cycle, and how many were exported. So this was for SuccessFactors, and the same thing you can do for Dropbox or Workday or all the apps that you have configured in your environment. Okay.

Now we would like to invite two of our partners, Tommy and Jason, on the stage.

Hello everybody, my name is Tommy bargains and I work for Atea in Sweden as a consultant. Atea is a market leader in IT infrastructure and system integrations for private and public sectors in Nordic and Baltic countries. We are around 7,000 employees, with over 4,000 of which are consultants.

Thank you. Hi everybody, I'm Jason Revell, I lead the Avanade security consulting practice in the UK and Ireland. For those who don't know, Avanade is one of the industry's leading joint ventures, actually co-owned by Microsoft and Accenture. We operate in about 23 different regions, with about 30,000 employees.

Thank you, Tommy and Jason, for joining us today. So both of you bring a lot of experience around identity provisioning. I know, Jason, in particular you've worked on a lot of MIM projects involving HR integrations. Now with the move to cloud HR, how do you see customers working on provisioning?

Yeah, it's a fun past I've had working with FIM and MIM and integrating it into HR. And as more companies have moved HR up into the cloud, you know, it hasn't removed any of the complexity with, you know, achieving that level of integration. So, you know, the steps forward now, making it a more seamless integration into Azure AD, integrating it into the SaaS platform, removing the custom development, you know, is going to make huge steps forward. You know, I've seen projects with SAP integrations take, you know, multiple months to achieve, requiring quite advanced development, whereas, as you've demonstrated today, you know, the integration is very achievable for an IT admin.

Thank you. And HR is just one part of the story. The other part is the application provisioning. What are your experiences around the application provisioning?
Well, we're really seeing a move from on-prem provisioning to cloud provisioning, and a lot of customers are also embracing this new idea. And in addition to that, we see a lot of application developers are building their applications with the provisioning based on SCIM, which makes integrations very easy.

And do you see, I mean, you mentioned SCIM, so with that option of SCIM, do you see a decrease in the time it takes for integrations now?

Yeah, definitely. I did an integration for a customer in the manufacturing industry. They were deploying an app and they wanted to use single sign-on and also leverage conditional access to secure their sign-ins. So fortunately, this particular app supported SCIM, which made it very easy to implement. So instead of an sudden implementation that might have taken weeks or perhaps months, we were up and running in a few days.

Do you see the same trend there?

Yeah, I think it's something that's definitely emerged in the last few years, because I remember advising customers, and still advise customers now, saying, you know, don't just think of Azure AD as a single sign-on provider, think of it as your provisioning provider, because if you only achieve single sign-on, then you're effectively leaving a lot of unmanaged identities out there in your applications and having to do separate integrations into those applications. So, you know, setting standards and policies, you know, insisting on your development teams achieving, you know, SCIM integration and the modern auth integrations is absolutely the way forward, and customers are finally starting to wake up to that fact. Especially when it comes to B2B integrations as well. So it's not just about employees; obviously B2B is a fantastic capability. You know, we can achieve the same provisioning of those third-party accounts into your cloud apps as well with that capability now.

That's awesome, thank you so much for sharing your experiences with us.

Thank you.

Do the next slide. Yeah, thank you. Thank you, Tommy and Jason. So, as you heard in the last 40 minutes, we talked about how you could bridge the gap between HR, IT and business using Azure AD identity provisioning capabilities. These are some of the new announcements we had. So we'll have the public preview of Azure AD Connect cloud provisioning available by the end of this month. The same thing applies to SuccessFactors as well; we'll have the public preview integration that you saw Chetan demo available by the end of this month as well. And the provisioning workbooks will be available publicly next week.

Then in terms of what's next on the roadmap, we definitely want to increase the reach of our provisioning engine to cover on-prem applications, so you're going to see more capabilities in that space. We're going to expand the reach of our HR integrations beyond Workday and SuccessFactors to Oracle HCM. And also we're going to provide a generic SQL-based approach which you can use for integrating with regional HR systems, or there's so many other HR systems out there. And then finally, there's more enhancements coming to cloud provisioning, I think the guys working on. Awesome.

So, we have some homework for you today. As you go back home, we want you to check out the provisioning workbooks next week. So if you have provisioning set up, take a look at the workbooks, and more importantly, look at the queries behind the workbook so you can build your own custom dashboards and alerts for your organization's needs. In the next two weeks, if you do have a cloud app that you're onboarding, don't just think about single sign-on, think about provisioning as well, and set up the automatic provisioning to those cloud applications. And then, if you have SuccessFactors or Workday in your organization, do a pilot of how you bring identities directly from these cloud HR vendors to Azure AD. Next month, once cloud provisioning is available, give it a shot and give us feedback on how Azure AD cloud provisioning is helping you simplify your sync architecture and helping with your merger and acquisition needs. And last, as you talk to developers internally, or externally to ISVs, evangelize SCIM so we have a standard protocol for provisioning. In the identity provisioning area, you only win when your HR, IT and businesses work together.

With that, thank you. Thank you for joining us.

2020-01-20 14:49
