People come, and people go, and while digital identities should cease to exist after a departure, many times, this doesn’t happen. At any given time, organizations can have thousands of user identities to manage and track, so when processes aren’t automated, it’s easy for many identities to fall through the cracks. This phenomenon is called Identity Lifecycle Management, and when it comes to access and security, it’s worth the time to get it right.
StrongDM manages and audits access to infrastructure.
- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
Following on the heels of our recent announcement of 2022 being the Year of Access, StrongDM continues to ease friction and remove the barriers standing between technical staff and access to the resources they need—without sacrificing security—with our latest product release.
We’ve made it even easier to manage access to backend infrastructure in an increasingly ephemeral computing environment. Simply put, this is the most impactful, far-reaching release we’ve done to date, and early feedback from our customers has been a resounding “yassssssss.”
Take a look.
Simplify Provisioning with Deeper Identity Provider Integrations
We listened to our customers and, by far, the feature everyone was clamoring for was deeper integrations with identity providers. In fact, according to our recent survey, 53% of organizations take hours or weeks to grant access to infrastructure. Additionally, 88% of organizations require two or more persons to approve access requests.
With the release of tighter integrations with Okta and Microsoft Entra ID (formerly Azure AD) (or any SCIM-based directory service for that matter), you now have the ability to manage just-in-time, least-privilege access to your critical infrastructure right from your preferred identity provider (IdP), dramatically reducing the time needed to approve requests and grant access.
This means increased developer productivity and faster development cycles, all while supporting Zero Trust security for hybrid and multi-cloud environments. Not too shabby, eh?
More specifically, you can now:
- Automate user and group provisioning with a single source of truth.
- Synchronize Role assignments from your IdP to StrongDM.
- Choose which users and groups of users you want your IdP to manage in StrongDM.
- Manage policy exceptions via StrongDM by assigning IdP-managed users to StrongDM-managed Roles or StrongDM-managed users and service accounts to IdP-managed Roles.
Here’s a more in-depth product video that gives you a taste of what these integrations can do.
Get More Flexibility with Dynamic Access Rules
A perfect complement to static access rules, dynamic access rules eliminate loads of manual administrative work, giving businesses more granular control when provisioning infrastructure and enabling staff to access the resources they need more quickly.
Dynamic access rules enable businesses to enforce a powerful set of rules based on attributes such as tags and resource types. With this model, also known as attribute-based access control (ABAC), access is granted dynamically to Roles and their users every time a resource gets spun up or torn down.
This is particularly useful for companies with large installed bases with lots of resources on the backend, especially ephemeral ones. Basing access rules on tags offers much more flexibility with so much ephemerality in today’s computing landscape.
If you’re interested in seeing dynamic rules in action, check out this short video and let us know what you think. Good or bad.
New to StrongDM? Sign up for our free no-BS demo and discover how frictionless Zero Trust can work for you. Or, feel free to check out the results of our survey to see how you stack up against your peers.
About the Author
💙 this post?
Then get all that StrongDM goodness, right in your inbox.
You May Also Like
We are thrilled to announce a new feature to our StrongDM® Dynamic Access Management (DAM) platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne.
The New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation is a set of comprehensive cybersecurity requirements that apply to financial institutions operating in New York. The goal of the regulation is to ensure that the cybersecurity programs of financial institutions have robust safeguards in place to protect customer data and the financial sector.
The AWS Well-Architected Framework has been a staple for many years for AWS practitioners of all sorts, including cloud architects and platform engineers. It’s a blueprint for architectural and design best practices that will lay the foundation for resilience, operational efficiency, and security on the AWS Cloud.
If credentials fall into the wrong hands, intruders may enter a network and launch a disastrous attack. In fact, 46% of cybersecurity incidents involve authentication credentials, according to the Verizon 2022 Data Breach Investigations Report. Organizations have two general ways to determine someone’s access rights once past initial authentication: Coarse-grained access control (CGAC), which relies on a single factor, and fine-grained access control (FGAC), which relies on multiple factors. Traditionally, CGAC has been the easier option, while FGAC offers superior security at the cost of more complex implementation.