SaaS Authorization Management Overview
SaaS Authorization Management provides out-of-the-box support to leading SaaS vendors. It enables the Platform to integrate with SaaS vendors to provide standardization and centralized authorization management while supporting distributed deployment across the organization’s technology stack.
Integration with the vendors is accomplished through Policy Orchestration. This service is designed to discover, map, and manage SaaS vendor Policies by utilizing their native capabilities using available APIs.
- PlainID’s Policy Administration Point connects to the SaaS Application and discovers existing policies.
- Administrators manage and create access control Policies within PlainID’s dashboard.
- New and updated Policies are then pushed back to the SaaS application.
Policy Orchestration ensures that different authorization and access policies are implemented, enforced, and coordinated effectively to achieve the desired security controls while maintaining consistency and avoiding conflicts.
Once vendor objects and policies are discovered and represented in the Platform, like all policies available within the Platform, they can be viewed as code in structured Rego or visually represented in the Policy Map.
Ensure an Integrations Workspace (formerly Orchestration Workspace) is already created. See Managing POPs to learn more.
SaaS Authorization Management Process
A high-level overview of the SaaS Authorization Management process includes:
- Discovery of Policies from the target platform
- Display of Policies in a unified language
- Management of Policies from the platform
- Monitoring of changes in Policies
The solution helps streamline the process of policy creation, enforcement, and updates, making it easier to maintain a secure and compliant environment:
- Automate and Streamline: By centralizing policy management and automation, organizations can reduce manual efforts required to enforce policies across various systems.
- Ensure Consistency: Policy orchestration ensures that policies are consistently applied across different parts of the organization, preventing discrepancies and security gaps.
- Compliance and Governance: Helps organizations adhere to regulatory requirements and internal governance standards by automating the enforcement of relevant policies.
- Visibility and Monitoring: Provides monitoring and reporting, allowing organizations to track policy enforcement and identify potential issues or violations.
- Adaptability: Facilitates quick updates and adjustments to policies in response to changing business needs, security threats, or regulatory changes.
- Risk Management: By consistently enforcing security and compliance policies, organizations can better manage and mitigate risks related to data breaches, unauthorized access, and other threats.
Learn Mode vs Manage Mode
In PlainID's Orchestration flows, Learn Mode and Manage Mode serve distinct purposes for the gradual onboarding and management of new Policy Orchestration Points (POPs) to the Platform. This section outlines the workflows, key differences, and the impact of both modes.
Discovery Flows
The diagram below depicts the interaction between the Policies Workspace, Integrations Workspace, and the Vendor Tenant in both Learn and Manage Mode:
-
Learn Mode
- Comprehensive Visibility: Provides full visibility into the Policies, Assets, and Identity setup available in the vendor Tenant.
- Native Representation: Captures data in its original vendor language within the Integrations Workspace.
- Standardized Translation: Translates this data into standardized PlainID representation, such as Policy maps and structured language.
- Consistency: Ensures a clear, consistent view of Policies, Templates, and values across different Environments.
-
Manage Mode:
- Policy Management: Enables the ability to manage and deploy Policies seamlessly from Plain ID to the vendor tenant, ensuring streamlined Policy enforcement.
- Policy Reconciliation: Supports side-by-side comparisons of Policies to identify discrepancies and ensure alignment between PlainID and the vendor Tenant.
- Ongoing Maintenance: Focuses specifically on maintaining policies to ensure they remain up-to-date, accurate, and consistent across Environments.
Learn Mode vs Manage Mode: Detailed Comparison
The table below shows how changes in the vendor Tenant are reflected in PlainID's Integrations Workspace (formerly Orchestration Workspace) and Policies Workspace (formerly Authorization Workspace):
| Integrations Workspace Learn Mode | Integrations Workspace Manage Mode | Policies Workspace Learn Mode | Policies Workspace Manage Mode | |
|---|---|---|---|---|
| Asset Template/Assets | ✓ | ✓ | ✓ | ✓ |
| Identity Template | ✓ | ✓ | ✓ | ✓ |
| Values | ✓ | ✓ | ✓ | ✓ |
| Policies | ✓ | ✓ | ✓ | X |
Difference Summary
-
Identity Templates, Asset Templates, and Values: Fully synchronized in both Learn and Manage Mode across all Workspaces since they are not managed in PlainID.
-
Policies:
- Learn Mode: Full synchronization across Policies Workspace and Integrations Workspace.
- Manage Mode: Policies are synchronized only in the Integrations Workspace for visibility and reconciliation, ensuring full transparency. In Manage Mode, Policies are not overwritten in the Policies Workspace, maintaining control. The Policy panel in the Integrations Workspace allows side-by-side comparisons with tWhe vendor Tenant to highlight differences for reconciliation.
By distinguishing between Learn Mode and Manage Mode, PlainID's Orchestration flows enable seamless onboarding and long-term management of POPs. The ability to discover, compare, and reconcile Policies ensures that organizations can maintain alignment and precision as their Environments evolve.
Current Authorizers that support SaaS Authorization Management include:
Refer to the relevant documentation or contact PlainID for information on these Authorizers.