The Cloud Experience Everywhere
Cloud_Experts

Centrally manage user identity while giving business groups autonomy with HPE GreenLake

By Paul Zinn, Senior Product Marketing Manager, HPE GreenLake cloud

Large enterprises can be complex beasts. These organizations often contain multiple groups, such as business units or geographic areas, that act independently of each other. Such groups are separated in many ways, and that can often include separate sets of cloud resources to run their respective workloads. In HPE GreenLake, this is usually accomplished by creating a workspace, an isolated single-tenant environment, for each of these groups within the enterprise.

While this creates the independence that the business needs, until now it has also created additional effort and risk for the IT staff, who had to perform identity and access management (IAM) across these multiple, separate workspaces.

We are happy to announce that a new capability in HPE GreenLake called organization governance now enables enterprise IT teams to centrally manage identity, authentication including SSO, and workspaces from one point for simpler operations and better security. Organization governance is part of an enhanced IAM experience that also adds DNS-based domain claiming, providing better security for single sign-on (SSO).

A workspace hierarchy

By creating an organization from a workspace, you establish it as the management workspace for the organization, at the top of a hierarchy that can include multiple organization workspaces for your business groups.


From this management workspace you can centrally manage the organization, making settings that apply not only to the management workspace but to all of the organization workspaces as well. Let’s take a look at a couple of these.

User lifecycle management

Though many of your users will only need access to a single workspace, some (particularly in corporate IT) will need access to multiple workspaces. Instead of inviting these users to each individual workspace, you can invite them at the organization level, which allows them to authenticate across all organization workspaces. This means that when an employee leaves the company, you can remove their access just once, from the organization user directory. This approach minimizes the risk of human error associated with removing multiple user accounts, which can lead to security vulnerabilities.

Single sign-on (SSO)

If you have a SAML SSO identity provider, you are probably already using it with your HPE GreenLake workspaces. But once you’ve created an organization, you only need to create and manage one SSO profile (for each of your domains), not one per workspace. This can save a lot of maintenance overhead.

User groups

User groups streamline access management, allowing you to assign permissions to a group of people instead of doing so for each user individually. And with organization governance you can create a user group at the organization level and assign permissions to it in any organization workspace.


More secure domain claiming

Claiming a domain to use with SSO is another thing you can do at the organization level, enabling that domain to be used for SSO across all organization workspaces. But the enhanced IAM experience for HPE GreenLake also brings a related improvement. Domain claiming is now DNS-based, requiring a TXT record to be added to your domain’s DNS records to verify a claim. This ensures that only authorized administrators from your company can claim your domain.

Getting access to organization governance

Today, the enhanced IAM experience is available only to new Standard Enterprise workspaces. When you create a new workspace, you can choose the enhanced IAM experience for it and either create an organization or join an existing one.

Over the next several months, we plan to upgrade all existing Standard Enterprise workspaces to the enhanced IAM experience. If you already own such a workspace, you’ll be notified in advance of your upgrade with specific timing. Once the upgrade is complete, that workspace can join an organization.

Next steps

For an overview of the steps involved in setting up organization governance for a sample company, watch the seven-minute video, Getting Started with Organization Governance. For the full details, you can also view the documentation for organization governance.


Meet HPE Blogger Paul Zinn, Senior Product Marketing Manager, HPE GreenLake Cloud

In over thirty years in the enterprise software industry with mature companies and startups, Paul has held roles both for building products and for bringing them to market. Before joining the marketing team, he led a product management team that built usage and cost analytics for HPE GreenLake. Currently, his primary focus is product marketing for the HPE GreenLake edge-to-cloud platform. Paul also works to make HPE GreenLake messaging clear and consistent across the company. In his off hours, he makes music with the Sacramento, California Americana/rock band The Nickel Slots.

Cloud Services Experts
Hewlett Packard Enterprise

twitter.com/HPE_GreenLake
linkedin.com/showcase/hpe-greenlake/
hpe.com/us/en/greenlake

 

 

About the Author

Cloud_Experts

HPE experts share their insights on how you can transform your business with HPE GreenLake edge-to-cloud platform – the cloud that comes to you, wherever your apps and data live.