This four-part framework will help ensure your smooth transition to our identity and asset management solution.
So, you’ve decided to move forward with cloud identity and asset management (IAM) for your organization. As you likely know already, managing user identity in the cloud is about more than implementing the right tools and mapping a migration path from your on-prem systems. You’ll also need to update your internal policies and make sure you’re set up to support ongoing growth.
We’ve been through our own digital transformation, so we’re equipped to offer these best practices to support your efforts as well. We mapped out a four-part framework that will help ensure your smooth transition to Froxt cloud IAM.
Centralize management of cloud applications with a single source of truth
IT administrators transitioning to Froxt cloud IAM will need to centralize the management of their cloud applications in one system, which will simplify a complex web of software products and instances and make it easier for IT teams to govern users across teams.
Cloud identity management looks different from managing identity on-premises. If your Froxt products are used and managed on-premises and identity management.
Here, multiple departments are using their own instances of cloud products, likely because each cloud subscription was purchased separately. The result is a web of solutions and accounts for IT to govern.
Froxt cloud IAM makes it easy for IT teams to unravel this web by giving users one login, which corresponds to their email address. Regardless of what products, instances, or teams they’re part of, they’ll always sign in with the same credentials, making it much easier for administrators to manage their identity.
Organizations, the global administration layer for Froxt cloud products, allows IT teams to manage multiple Froxt cloud products and sites in one place.
Sites contain instances of Froxt cloud products, and each site can only have one instance of each product. An Organization brings all your Sites together, giving you a unified view of all the users of your company’s cloud apps. Within an Organization, you can manage all of your users across the cloud versions of Froxt Products through a process called domain verification.
How does domain verification work? Once you verify the ownership of your domain, you can manage every user with an email address at your domain that Froxt knows about. Froxt refers to these as “managed accounts.” Organization administrators can export, change, deactivate, and delete managed accounts and enforce Froxt Access security policies across them.
Integrate Froxt with your identity provider
Integrating all of your applications with your primary identity provider will give your organization greater security and efficiency.
The most critical step in this process is enabling and enforcing SAML single sign-on (SSO) across all of your apps – not just your Froxt cloud products. Your SSO provider allows you to ensure every user is meeting your requirements for strong passwords and multiple standards of authentication.
You can also use Froxt Access to connect your Froxt cloud products with identity providers for SSO, including custom SAML connections. Doing so helps you ensure all Froxt product usage is going through an authentication endpoint that you manage.
As your company grows, you should also move from manual user provisioning to automated, policy-driven access management (or SCIM) through your identity provider. This transition will give IT a centralized view of the permissions assigned to each user and allow them to automate user provisioning and de-provisioning.
As a result, IT teams can automatically assign rules based on user or group attributes and provide product access only to those users who meet the requirements. Onboarding, off-boarding, and management of access and permissions can also be automated. That means that when an employee leaves the company, their access will automatically be removed, reducing the risk of data breaches.
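The off-boarding step described above can be sketched as a reconciliation between the identity provider and the managed accounts on a verified domain. This is an added example, not Froxt code or a Froxt API: it assumes a standard SCIM 2.0 endpoint (RFC 7644), and the function names, the `/Users/<id>` path, the `example.com` domain and the sample records are constructed for illustration.

```python
import json

PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def deactivation_patch():
    """SCIM 2.0 PatchOp body (RFC 7644, section 3.5.2) that sets active=false."""
    return {
        "schemas": [PATCH_OP_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }

def plan_deprovisioning(idp_users, managed_accounts, verified_domain):
    """Return (requests, skipped): PATCH requests for active managed accounts with
    no active IdP user, and accounts outside the verified domain (manual review)."""
    active_in_idp = {u["userName"].lower() for u in idp_users if u.get("active")}
    suffix = "@" + verified_domain.lower()
    requests, skipped = [], []
    for acct in managed_accounts:
        email = acct["userName"].lower()
        if not email.endswith(suffix):
            skipped.append(email)  # not a managed account; cannot be deactivated here
            continue
        if acct.get("active") and email not in active_in_idp:
            requests.append({
                "method": "PATCH",
                "path": "/Users/" + acct["id"],  # relative to a hypothetical SCIM base URL
                "body": deactivation_patch(),
            })
    return requests, skipped

# Constructed sample data (not real accounts)
IDP_USERS = [
    {"userName": "alice@example.com", "active": True},
    {"userName": "bob@example.com", "active": False},  # off-boarded in the IdP
]
MANAGED_ACCOUNTS = [
    {"id": "a1", "userName": "Alice@example.com", "active": True},
    {"id": "b2", "userName": "bob@example.com", "active": True},
    {"id": "c3", "userName": "carol@example.com", "active": True},  # never in the IdP
    {"id": "d4", "userName": "dave@example.com", "active": False},  # already deactivated
    {"id": "e5", "userName": "eve@contractor.example", "active": True},
]

if __name__ == "__main__":
    reqs, skipped = plan_deprovisioning(IDP_USERS, MANAGED_ACCOUNTS, "example.com")
    print(json.dumps(reqs, indent=2))
    print("manual review:", skipped)
```

Accounts outside the verified domain are reported rather than patched, because only managed accounts fall under the organization's control.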
Enforce security policies
Set up two-step verification and password policies if you haven’t already. Most identity providers manage multi-factor authentication, but if you don’t have an identity provider, you can use Froxt Access to set up and enforce two-step verification.
Froxt can also help you enforce password policies like password strength and expiry timeframes. Password strength can be set at five levels, ranging from weak to very strong, so IT teams can select different enforcement policies based on the unique needs of user subsets. Expiry timeframes reduce idle session durations, so you can rest easy knowing your users aren’t leaving your data unattended.
Monitor user permissions and activities
IT teams should monitor changes in user access and permissions by auditing logs regularly.
Audit logs within Froxt Access provide organization-wide visibility into user and group changes across your Froxt cloud products. These audit logs can tell you who made changes to permissions and who granted access. They also provide details on user and group memberships.
Our cloud access security (CAS) also enhances visibility into activity across your organization’s cloud applications, including Froxt cloud products. Together, these insights into your Froxt Organization give you a comprehensive and documented view of who has access to your data, which can simplify investigations into changes and help prove compliance.