605.581 Cloud Identity Management
-
Service Code: 605.581
Contact(s): Dan Fullerton (585-383-2281)
Charges: See rate sheet
Description
-
This service supports users and accounts tied to Microsoft and Google suites and connects them to a multitude of vendor and cloud systems.
More specifically, Cloud Identity Management uses an automated provisioning system to synchronize Active Directory accounts with cloud provider directories such as Microsoft Entra ID and Google Workspace. The replicated identities support authentication, password management and single sign-on (SSO) for access to cloud resources, consistent with the Principle of Least Privilege and best practices.
The Monroe RIC will facilitate required server resources enabling this technology.
Requirements
-
- Core participation
- Participation in 605.580 Cloud Domain Management
- Monroe RIC connectivity
- Ability to extract required data from the source system
- Requires virtual servers via 605.420 Server and Storage Hosting
- Dedicated member server for account synchronization tools
- Azure Active Directory Connect
- Google Cloud Directory Sync
- Google Password Sync is required on all writable domain controllers
District Responsibilities
-
- Designate a district primary and secondary contact for service
- Provide end-user support
- Maintain strict confidentiality
- Provide enterprise admin access to maintain the synchronization between the local Active Directory domain and the cloud domain (Azure AD or Google Workspace)
- Manage appropriate encryption certificates
RIC Responsibilities
-
- Provide ticket, telephone and email support
- Maintain dedicated member server
- Maintain user provisioning and password sync tools
- Liaison service for higher-level support needs between district and vendors
- Provide secure managed accounts for service application operation with appropriate role-based access controls
- Perform cloud domain user administration via license automation groups