GET SAAS ACCESS UNDER CORPORATE CONTROL WITH MICROSOFT ENTERPRISE MOBILITY & SECURITY
37 minutes. That's the average time that it takes to decommission an employee’s access to corporate and SaaS applications after they resign or are terminated. What can a disgruntled employee do in 37 minutes? While IT is busy shutting down access to AD and a myriad of SaaS, the organization is at risk.
Using Azure Active Directory and its interface to 3300+ SaaS apps in the marketplace, organizations can immediately moderate that risk. Once a ex-employee is decommissioned from AD, their credentials are invalid in their on-premises or SaaS applications. As a productivity bonus, users enjoy SSO to those SaaS apps, instead of managing separate logins.
To understand what SaaS apps are in use, Cloud App Security is enabled, identifying logins to SaaS portals. With the inventory of cloud apps in-hand, IT can now configure Azure AD to pass credentials through to sanctioned SaaS apps, and bring them under organizational control.
Once a user is configured for single sign-on for specific Cloud apps, instead of logging in individually to several web portals, they will log in once to their active directory account. Then, instead of going to the main homepage of the SaaS application, they’ll go to a unique URL that takes him to the same app, but already logged in. When they terminate, the administrator can simply decommission the active directory account. When the user attempts to log into that application, they will be blocked just as they will be blocked to corporate data on premises.