What are the responsibilities and job description for the Microsoft EntraID Architect-Multiple Locations(Hybrid) position at ISite Technologies Inc?
Job Details
Microsoft EntraID Architect-Multiple Locations(Hybrid)
- The scope of work is to develop an identity governance solution using the Microsoft Entra Governance features provided by the tenant, such that the following state is achieved:
- User identities are tracked throughout their employment lifecycle states.
- Basic access to applications is automated such that users have day-one access to the network and core applications required for their work.
- Application account creation/modification/disablement is automated where possible via directory integration, SCIM, API, SQL Stored Procedure, or ServiceNow Ticket. Requests for access are granted via an approval flow.
- All user accounts are linked to an employee or contractor.
- All application access is reviewed on a periodic (semiannual) basis.
- Reports are available for audit and research purposes. For example:
  - Access Review Results, User accounts by application, User roles and access
Objectives
- Migration of current IGA capabilities from IdentityNow to equivalent/comparable functionality provided by Entra Governance or other solutions (scripting, etc.)
- Maintaining current integrations with Active Directory/Entra
- Leveraging new capabilities afforded by Entra Governance and other (Identity Access) Entra Suite features
1.1: Create Entra (primary)/On-prem AD (synced)/Exchange user accounts when a new employee or contractor record is created in an authoritative source.
1.2: Role-Based Access (RBAC): basic access is granted based on HR attributes.
1.3: Access may be granted by request (group-enabled - Example: department group/app group).
1.4: When a user is in the "Sensitive PTO" Lifecycle State, disable Entra and On-prem AD accounts.
1.5: Upon user termination, deprovision access, accounts (Entra, Active Directory, and application), and active sessions.