Now let’s look at two examples of how to add automation to on/offboarding to better follow the Principle of Least Privilege.
IAM vs IdP vs SSO: A quick breakdown
IAM stands for Identity and Access Management, and refers to the broad category of solutions used to manage user access and user identities.
IdP stands for Identity Provider, and is a subcategory within IAM. Also known as directory services, an IdP focuses on managing core user identities, and serves as the source of truth for authenticating users across platforms.
SSO stands for Single Sign On and is generally the only thing end users see, as it simply refers to the unified place where users go to sign in. While some IdPs also have an SSO, SSO as a standalone does not store user identities, but rather serves as the middleman that cross-references a user login with the IdP to make sure it’s legitimate.
Even if you don’t use Microsoft Entra ID, you can still manage user accounts in Rescue using your preferred identity provider (IdP). To do this, Rescue works with these providers via Single Sign On (SSO).
While groups and permissions don’t sync, offboarding the account itself in your IdP will disable access to Rescue via SSO.
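Since groups and permissions don’t sync, offboarding in the IdP does not by itself change what is assigned to the account elsewhere. The following is an added example (not code from Rescue or from this page) that reconciles two exports and lists accounts that are disabled or absent in the IdP but still carry group and permission assignments; the CSV column names and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports; the column names are hypothetical, not a real export format.
IDP_EXPORT = """email,status
alice@example.com,active
bob@example.com,disabled
"""

APP_EXPORT = """email,group,permissions
Alice@example.com,Tier1,remote_control
BOB@example.com,Tier2,remote_control;file_transfer
carol@example.com,Admins,administer
"""


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def stale_entitlements(idp_rows, app_rows):
    """Return app accounts whose IdP identity is not active or does not exist."""
    # Normalise e-mail case so 'BOB@' in one export matches 'bob@' in the other.
    idp_status = {
        r["email"].strip().lower(): r["status"].strip().lower() for r in idp_rows
    }
    findings = []
    for row in app_rows:
        email = row["email"].strip().lower()
        status = idp_status.get(email)
        if status == "active":
            continue
        findings.append({
            "email": email,
            # Accounts the IdP has never seen are reported separately from disabled ones.
            "idp_status": status or "not_in_idp",
            "group": row["group"],
            "permissions": [p for p in row["permissions"].split(";") if p],
        })
    return findings


if __name__ == "__main__":
    for finding in stale_entitlements(load(IDP_EXPORT), load(APP_EXPORT)):
        print(finding)
```

Run it as part of the offboarding checklist and remove the listed group and permission assignments by hand.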