Automate identity lifecycle management with Microsoft Entra ID Governance
This document provides an overview of how you can automate identity lifecycle processes using Microsoft Entra ID Governance.
Automatic inbound provisioning from Active Directory
Provisioning from Active Directory to Microsoft Entra ID can be accomplished in several different ways using any of the following:
- Microsoft Identity Manager to trigger provisioning when a new identity is created in these HR systems.
Automatic assignment policies in entitlement management
- Automatic assignment policies in entitlement management add and remove a user's group memberships, application roles, and SharePoint site roles, based on changes to the user's attributes. Users can also, upon request, be assigned to groups, Teams, Microsoft Entra roles, Azure resource roles, and SharePoint Online sites, using entitlement management and Privileged Identity Management.
Automatic guest user lifecycle rights assignment
- For guest lifecycle, you can specify in entitlement management the other organizations whose users are allowed to request access to your organization's resources. When a request from one of those users is approved, entitlement management automatically adds them as a B2B guest to your organization's directory and assigns them appropriate access. Entitlement management also automatically removes the B2B guest user from your organization's directory when their access rights expire or are revoked.
Automatic recurring reviews of users and guests
- Access reviews automate recurring reviews of existing guests already in your organization's directory, and remove those users from your organization's directory when they no longer need access.
License requirements
Using this feature requires Microsoft Entra ID Governance or Microsoft Entra Suite licenses. To find the right license for your requirements, see Microsoft Entra ID Governance licensing fundamentals.