Azure AD integration
Organizations that manage their infrastructure and user permissions centrally through the Microsoft Azure cloud platform and Azure Active Directory (AAD) can synchronize their AAD groups into DriveLock and use them for access permissions and for assigning DriveLock policies, just as they could previously do with a local Active Directory.
DriveLock treats computer groups from AAD like static groups, except that they are automatically maintained through synchronization rather than manually by the user.
It helps you achieve the following goals:

- Assigning policies to computer groups
  Computer groups connected to an AAD are used as the target of policy assignments. They are available as static computer groups in DriveLock. These groups need to be readable by the DOC and the DriveLock Management Console (DMC).

- Using computer groups in policies
  Within policies, you can use AAD groups in the same way as you use static groups. Rules for individual computers need to be created using the computer name.

- Using users and user groups in policies
  Users are identified by their AAD account name instead of the SID used previously. This is an address such as "user@mydomain.onmicrosoft.com".
  AAD user groups may also be selected within the DMC as a DriveLock user group. The available user groups and their members are entered in the same way as computer groups, by means of a synchronization mechanism.

- Logging in on a role and permission basis using Azure AD user groups
  You can select an AAD user group for role assignments. When a user logs in to the DOC via SAML, the DES determines the AAD user groups that the user is a member of. The remaining logic is no different from standard AD.

- Self-service
  Azure AD user and computer groups can be used in self-service rules.
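The role-based login item above describes the flow only in outline: the user authenticates via SAML, the server determines the user's AAD groups, and role assignments keyed on AAD groups are applied. The following added Python example, which is not DriveLock code and does not reflect how the DES is implemented, shows the shape of that logic for a defender reviewing such an integration: it reads the account name (UPN) and the group object IDs from an Azure AD SAML assertion, refuses to proceed when Azure AD signals a group-overage condition (the group list would be incomplete), and resolves roles from a group-to-role mapping. The assertion, the role mapping and the GUIDs are constructed placeholders; the two claim names are the ones Azure AD uses for group membership and for group overage in SAML responses. Signature, audience and validity-window checks are assumed to have happened before this code runs.

```python
"""Resolve roles for a DriveLock-style login from an Azure AD SAML assertion.

Added example, not DriveLock's implementation. Assumes the assertion has
already been signature- and audience-validated by a SAML library.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names Azure AD emits in SAML assertions for group membership
# and for the "too many groups to include" (overage) condition.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"

# Constructed mapping of roles to AAD group object IDs (placeholder GUIDs).
# In the product this corresponds to selecting an AAD user group for a role.
ROLE_ASSIGNMENTS = {
    "DOC Administrator": {"11111111-1111-1111-1111-111111111111"},
    "Helpdesk": {"22222222-2222-2222-2222-222222222222",
                 "33333333-3333-3333-3333-333333333333"},
    "Auditor": {"44444444-4444-4444-4444-444444444444"},
}

# Constructed, unsigned sample assertion for demonstration only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@mydomain.onmicrosoft.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed assertion in which Azure AD reports group overage instead of a list.
OVERAGE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed2" Version="2.0">
  <saml:Subject>
    <saml:NameID>bob@mydomain.onmicrosoft.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/claims/groups.link">
      <saml:AttributeValue>https://graph.example.invalid/placeholder</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class IncompleteGroupsError(Exception):
    """The IdP did not include the full group list; roles cannot be resolved safely."""


def parse_assertion(xml_text):
    """Return (normalized UPN, set of group object IDs) from an assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    # The account name replaces the SID as identity; compare it case-insensitively.
    upn = name_id.text.strip().lower()

    groups = set()
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name == GROUPS_OVERAGE_CLAIM:
            # A partial list would silently drop role memberships; fail closed.
            raise IncompleteGroupsError("group overage reported, membership list incomplete")
        if name == GROUPS_CLAIM:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                if value.text and value.text.strip():
                    groups.add(value.text.strip().lower())
    return upn, groups


def resolve_roles(groups, role_assignments=ROLE_ASSIGNMENTS):
    """Roles whose assigned AAD group set intersects the user's groups, sorted."""
    return sorted(role for role, assigned in role_assignments.items() if assigned & groups)


def login(xml_text):
    """Full flow: identity from NameID, groups from claims, roles from assignments."""
    upn, groups = parse_assertion(xml_text)
    return upn, resolve_roles(groups)


if __name__ == "__main__":
    print(login(SAMPLE_ASSERTION))
```

Two points worth checking in a real deployment follow from this: role resolution must happen on the group object IDs carried in the validated assertion (or on a server-side lookup), never on a display name the user could influence, and an overage response must not be treated as "no groups", since that would quietly strip a user of roles or, in the opposite direction, let a fallback path grant them.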