Identity and Access Management

 


 

This article explains how you can help automate your identity and access management by integrating it with Personio.

 

 

Why integrate an identity or access management tool with Personio?

If your company uses identity or access management tools such as Microsoft Azure Active Directory, Okta or Google Single Sign-On (for identity management only), you can integrate them with Personio. These tools can then use the information Personio has about employees to manage their access to the software they use, particularly when onboarding, offboarding, or changing roles.

This can ensure that employees can access the tools they need, and can help prevent security issues caused by outdated employee information.

 

How does it work?

Identity Management

Personio supports authentication with Google Single Sign-On and via the OAuth 2.0 protocol. For more information, check our article on how to integrate an authentication provider in Personio.

 

Access Management

1. User provisioning

When you create a new employee in Personio, a new user is automatically created in the active directory of your access management tool, with relevant information that allows you to set rules to automate access management.

 

2. User update

Each time you update a mapped Personio attribute (such as changing role or department), this information will automatically be updated in the integrated tool.

Your access management tool can then grant or block access to tools based on this.

 

3. User deprovisioning

Once an employee passes their termination date in Personio, the integration deactivates the user in the active directory and revokes their access permission. The employee can no longer log in to any of their accounts.

The user is not deleted from either Personio or your integrated software, ensuring that information is retained for your records.
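To confirm that the three steps above have actually taken effect, you can compare an export from Personio with an export from your directory. The following is an added example, not code from Personio or from any integration; the record layout, field names and sample data are constructed for illustration.

```python
from datetime import date

# Constructed sample data; field names are hypothetical, not a real export schema.
HR_RECORDS = [
    {"email": "ana@example.com", "department": "Finance", "termination_date": None},
    {"email": "ben@example.com", "department": "Sales", "termination_date": date(2024, 3, 31)},
    {"email": "cleo@example.com", "department": "Engineering", "termination_date": date(2024, 6, 30)},
    {"email": "dev@example.com", "department": "Support", "termination_date": None},
    {"email": "eli@example.com", "department": "Legal", "termination_date": None},
]
DIRECTORY_USERS = [
    {"email": "Ana@example.com", "department": "Finance", "active": True},
    {"email": "ben@example.com", "department": "Sales", "active": True},
    {"email": "cleo@example.com", "department": "Engineering", "active": True},
    {"email": "dev@example.com", "department": "Sales", "active": True},
    {"email": "old-contractor@example.com", "department": "IT", "active": True},
]


def audit(hr_records, directory_users, today):
    """Return sorted (email, finding) tuples covering provisioning, update and deprovisioning."""
    hr = {r["email"].lower(): r for r in hr_records}
    seen = set()
    findings = []
    for user in directory_users:
        email = user["email"].lower()
        seen.add(email)
        record = hr.get(email)
        if record is None:
            if user["active"]:
                findings.append((email, "active account with no HR record"))
            continue
        end = record["termination_date"]
        if end is not None and end < today:
            if user["active"]:  # the account is retained, but it must be deactivated
                findings.append((email, "active after termination date"))
            continue
        if user["department"] != record["department"]:
            findings.append((email, "department differs from HR record"))
    for email, record in hr.items():  # current employees must exist in the directory
        end = record["termination_date"]
        if email not in seen and (end is None or end >= today):
            findings.append((email, "no directory account"))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in audit(HR_RECORDS, DIRECTORY_USERS, date(2024, 4, 15)):
        print(f"{email}: {finding}")
```

An empty result means the directory matches the HR data for that date; any finding is worth reviewing before relying on directory-based access rules.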

 

Which integrations are available?

You can integrate Personio with Google Single Sign-On, Okta and Azure Active Directory. For more information about the possibilities and limitations of these integrations, have a look at the respective Help Center articles.
