
Monokee & Microsoft Entra: Effortless JML Automation in Minutes

Dr. Mattia Zago · 5 min read

Monokee, a next-generation Identity and Access Management (IAM) platform, leverages its innovative Visual Identity Orchestrator (VIO) to streamline integrations with various identity providers. This technical deep-dive explores the seamless integration between Monokee and Microsoft Entra, enabling near-instantaneous user provisioning through a series of well-defined API calls – a stark contrast to the traditionally complex and time-consuming IAM integrations.

Effortless JML Automation with Reusable Workflows

Gone are the days of hand-coding intricate workflows for Joiner/Mover/Leaver (JML) processes within Identity Governance and Administration (IGA). Monokee's VIO empowers system integrators and security teams to visually design and automate these workflows, leveraging pre-built connectors and drag-and-drop functionality. This intuitive approach significantly reduces development time and configuration overhead.

Prerequisites

Before starting the integration process, ensure the following:

  • A new tenant on Microsoft Entra with a configured Graph API application whose permissions have been granted admin consent: Group.Read.All, Group.ReadWrite.All, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureADGroup, User.Read.All, User.ReadBasic.All, User.ReadWrite.All.
  • A new domain on Monokee

Step-by-Step User Provisioning

  1. User Registration: New users onboard through Monokee's self-service flows. Captured user attributes are securely stored within the Monokee Identity Repository, adhering to industry best practices for data protection.

  2. Account Request & Approval: Users request Microsoft Entra accounts through a dedicated workflow within Monokee. An automated workflow triggers a notification for administrator review and approval.

  3. Instant User Creation: Upon approval, Monokee initiates a secure authentication process with Microsoft Entra using the OIDC Client Credentials Grant flow.

    Figure 1 - Authentication Flow with OpenID Connect and Graph API

    Monokee retrieves the user attributes from the Identity Vault and computes the ImmutableID as the SHA256 hash of the user identifier. It then sends a POST request to Microsoft Entra's Graph API to create the user, with the following payload:

    {
      "mail": "{{user.username}}",
      "userPrincipalName": "{{user.username}}",
      "onPremisesImmutableId": "{{user.ms_ImmutableID}}",
      "givenName": "{{user.firstName}}",
      "surname": "{{user.lastName}}",
      "displayName": "{{user.firstName}} {{user.lastName}}",
      "accountEnabled": true,
      "mailNickname": "{{user.ms_ImmutableID}}",
      "usageLocation": "IT"
    }

    Figure 2 - User creation flow with Graph API
    Figure 3 - User creation node configuration

User Editing & Removal

Updates and user removals follow a similar process. Monokee retrieves the latest user attributes and sends a PATCH request to the appropriate Microsoft Entra Graph API endpoint to update or delete the user record.
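The following is an added example, not Monokee's or Microsoft's code, showing the Step 3 exchange (the client credentials grant, which is an OAuth 2.0 grant that yields an app-only token carrying exactly the permissions consented to in the Prerequisites; the SHA256 ImmutableID; the POST /users payload above) together with the update and removal calls from this section, written as plain Microsoft Graph requests. Graph updates a user with PATCH /users/{id} and removes one with DELETE /users/{id}. TENANT_ID, CLIENT_ID and the sample user record are constructed placeholders; the hex encoding of the hash and the passwordProfile block are assumptions, the latter because Graph rejects POST /users without one and the article's payload does not show how the node supplies it. The RecordingTransport lets the whole flow run offline so the requests it builds can be inspected before any live call is made.

```python
# Added example (not Monokee's or Microsoft's code): Step 3 provisioning plus
# PATCH/DELETE for movers and leavers, as plain Microsoft Graph calls.
# TENANT_ID, CLIENT_ID and the sample record below are constructed placeholders.
import hashlib
import json
import secrets
import string
import urllib.parse
import urllib.request

TENANT_ID = "00000000-0000-0000-0000-000000000000"   # ASSUMED placeholder
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # ASSUMED placeholder
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
GRAPH = "https://graph.microsoft.com/v1.0"

# Properties Graph requires on POST /users; the payload is checked against this
# list locally so a misconfigured node fails before anything reaches Entra.
REQUIRED_FOR_CREATE = ("accountEnabled", "displayName", "mailNickname",
                       "userPrincipalName", "passwordProfile")


def immutable_id(user_identifier: str) -> str:
    """ImmutableID as the article describes it: SHA256 of the user identifier
    (hex encoding is an assumption; the article does not state the encoding)."""
    return hashlib.sha256(user_identifier.encode("utf-8")).hexdigest()


def client_credentials_body(client_secret: str) -> dict:
    """Form body posted to TOKEN_URL for the OAuth 2.0 client credentials grant.
    The resulting app-only token carries only the admin-consented permissions."""
    return {"grant_type": "client_credentials", "client_id": CLIENT_ID,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}


def random_initial_password(length: int = 20) -> str:
    """One-time password for the ASSUMED passwordProfile (CSPRNG, never logged)."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def create_user_payload(user: dict) -> dict:
    """Render the article's creation payload from a Monokee-style user record."""
    iid = user.get("ms_ImmutableID") or immutable_id(user["username"])
    payload = {
        "mail": user["username"],
        "userPrincipalName": user["username"],
        "onPremisesImmutableId": iid,
        "givenName": user["firstName"],
        "surname": user["lastName"],
        "displayName": f"{user['firstName']} {user['lastName']}",
        "accountEnabled": True,
        "mailNickname": iid,
        "usageLocation": "IT",
        # ASSUMED addition: Graph rejects POST /users without a passwordProfile,
        # which the article's payload omits; force a change at first sign-in.
        "passwordProfile": {"forceChangePasswordNextSignIn": True,
                            "password": random_initial_password()},
    }
    missing = [k for k in REQUIRED_FOR_CREATE if k not in payload]
    if missing:
        raise ValueError(f"payload missing required properties: {missing}")
    return payload


class RecordingTransport:
    """Offline stand-in for the network: records each request, returns a fixed reply."""
    def __init__(self, status=200, body=None):
        self.status, self.body, self.calls = status, body or {}, []

    def __call__(self, req):
        self.calls.append((req.get_method(), req.full_url, req.data))
        return self.status, self.body


def graph_call(method, path, token, body=None, send=None):
    """Send one Graph request; `send` intercepts it instead of urlopen (tests/dry runs)."""
    req = urllib.request.Request(
        GRAPH + path, method=method,
        data=None if body is None else json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    if send is not None:
        return send(req)
    with urllib.request.urlopen(req) as resp:          # live call
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})


def create_user(user, token, send=None):               # Joiner: POST /users
    return graph_call("POST", "/users", token, create_user_payload(user), send)


def update_user(user_id, changes, token, send=None):   # Mover: PATCH /users/{id}
    return graph_call("PATCH", f"/users/{urllib.parse.quote(user_id)}", token, changes, send)


def delete_user(user_id, token, send=None):            # Leaver: DELETE /users/{id}
    return graph_call("DELETE", f"/users/{urllib.parse.quote(user_id)}", token, None, send)


if __name__ == "__main__":
    sample = {"username": "jane.doe@example.com", "firstName": "Jane",
              "lastName": "Doe"}                        # constructed sample record
    dry_run = RecordingTransport(201, {"id": "user-object-id"})
    print(create_user(sample, "<token>", send=dry_run))
    print(dry_run.calls[0][0], dry_run.calls[0][1])
```

Replace `send=dry_run` with a real bearer token obtained by posting `client_credentials_body(...)` to TOKEN_URL to perform the live calls; keeping the transport injectable is what makes the local required-property check and the PATCH/DELETE routing testable without touching a tenant.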

Key Advantage: Reusable Nodes for Streamlined Development

The true power of Monokee lies in its "Effortless and Reusable" (EAR) design philosophy. Each step within this JML provisioning process can be saved as a reusable node within the VIO. System integrators can then leverage these pre-built nodes for subsequent Entra integration projects, significantly reducing development time and effort. This eliminates the need to re-create the entire flow from scratch for each client, allowing them to focus on tailoring the solution to specific access control requirements.

Why Choose Monokee for Effortless Identity Fabric?

The seamless integration between Monokee and Microsoft Entra exemplifies the power of the identity fabric concept. By leveraging Monokee's Visual Identity Orchestrator (VIO) and Effortless and Reusable (EAR) approach, organizations can achieve a unified and automated approach to identity management across diverse platforms and applications. This translates to several key benefits:

  • Reduced Complexity: Streamlined JML workflows, built with pre-designed nodes in the VIO, eliminate the need for complex coding and manual configuration. This translates to faster implementation times and lower ongoing maintenance costs.
  • Enhanced Agility: The EAR philosophy empowers you to create reusable building blocks for your integrations. These pre-built nodes can be easily adapted and combined to support new use cases and integrations, fostering a more agile approach to identity governance.
  • Improved Efficiency: Effortless automation through the VIO minimizes manual intervention within JML processes. This frees up IT resources to focus on higher-value tasks and strategic initiatives.
  • Scalability for Growth: Monokee's modular architecture easily adapts to accommodate a growing user base and evolving access needs. The identity fabric scales seamlessly, ensuring a consistent and secure access experience for all users.
  • Reduced Costs: The combination of streamlined development, efficient automation, and minimized hardware requirements translates to significant cost savings for organizations. The EAR approach further reduces development time and resource allocation for ongoing maintenance.

Conclusions

In essence, Monokee empowers organizations to establish a robust and adaptable identity fabric. This translates to a more secure, efficient, and cost-effective approach to user access management across complex hybrid and multi-cloud environments.

Don't let complex IAM integrations slow you down. Embrace the Identity Fabric with Monokee and experience effortless JML automation in minutes.

Schedule a demo today to see how Monokee can revolutionize your identity management strategy!