Overview & Prerequisites
Overview
Microsoft Entra is a powerful IAM solution that is tightly integrated with Azure. Since 2024, it has also been the recommended tool to replace SAP IdM. Unfortunately, the two products have significantly different technological backgrounds and architectures, which makes a direct technical migration close to impossible.
The Microsoft solution follows modern IAM trends and offers many new features unavailable in SAP IdM. The downside is that Microsoft Entra struggles with some legacy technologies and custom applications where SAP IdM excelled.
The MS Entra Provisioning Accelerator for ROI iAM addresses this gap, offering seamless integration of any application into the MS Entra provisioning pipeline. This document outlines the steps to install and configure the solution on a customer's Entra tenant.
Prerequisites
To set up the Microsoft Entra Provisioning Accelerator, ensure the following:
Required Subscriptions
- Azure Subscription
- Microsoft Entra ID Governance Subscription
- Azure Active Directory Premium P1 or P2 (Microsoft Entra ID Premium P1/P2)
Required Permissions
The user performing the setup must have the following permissions in Azure and Entra:
Azure Roles (at the Azure subscription level)
- Contributor or Owner: Creates and manages Azure resources (Logic Apps, Storage Accounts and Tables, Key Vaults, Function Apps).
- User Access Administrator: Assigns or modifies role mappings, such as granting a managed identity access to a target resource.
Entra Roles
- Application Administrator: Creates and manages Enterprise Apps and adds or removes API permissions.
- Identity Administrator: Creates and manages Access Packages and Catalogs under Identity Governance.
- Lifecycle Workflows Administrator: Creates and manages lifecycle workflows under Identity Governance.
- Privileged Administrator: Allows the user to assign roles in Entra.
Setup Overview
The setup process is divided into two main parts:
- Azure Configuration: A one-time setup activity which, once configured, should not require constant changes.
- Entra Installation and Configuration: Covers the creation of a new application in Entra for each repository onboarded from ROI iAM.
Next Steps
Ready to begin? Continue to the Entra Configuration section to start setting up your Enterprise Application, Catalog, and Security Groups.