By Paul Zinn, Senior Product Marketing Manager, HPE GreenLake cloud
While this creates the independence that the business needs, until now it has also created additional effort and risk for the IT staff, who had to perform identity and access management (IAM) across these multiple, separate workspaces.
We are happy to announce that a new capability in HPE GreenLake called organization governance now enables enterprise IT teams to centrally manage identity, authentication including SSO, and workspaces from one point for simpler operations and better security. Organization governance is part of an enhanced IAM experience that also adds DNS-based domain claiming, providing better security for single sign-on (SSO).
A workspace hierarchy
By creating an organization from a workspace, you establish it as the management workspace for the organization, at the top of a hierarchy that can include multiple organization workspaces for your business groups.
From this management workspace you can centrally manage the organization, making settings that apply not only to the management workspace but to all of the organization workspaces as well. Letโs take a look at a couple of these.
User lifecycle management
Though many of your users will only need access to a single workspace, some (particularly in corporate IT) will need access to multiple workspaces. Instead of inviting these users to each individual workspace, you can invite them at the organization level, which allows them to authenticate across all organization workspaces. This means that when an employee leaves the company, you can remove their access just once, from the organization user directory. This approach minimizes the risk of human error associated with removing multiple user accounts, which can lead to security vulnerabilities.
Single sign-on (SSO)
If you have a SAML SSO identity provider, you are probably already using it with your HPE GreenLake workspaces. But once youโve created an organization, you only need to create and manage one SSO profile (for each of your domains), not one per workspace. This can save a lot of maintenance overhead.
User groups
User groups streamline access management, allowing you to assign permissions to a group of people instead of doing so for each user individually. And with organization governance you can create a user group at the organization level and assign permissions to it in any organization workspace.
More secure domain claiming
Claiming a domain to use with SSO is another thing you can do at the organization level, enabling that domain to be used for SSO across all organization workspaces. But the enhanced IAM experience for HPE GreenLake also brings a related improvement. Domain claiming is now DNS-based, requiring a TXT record to be added to your domainโs DNS records to verify a claim. This ensures that only authorized administrators from your company can claim your domain.
Getting access to organization governance
Today, the enhanced IAM experience is available only to new Standard Enterprise workspaces. When you create a new workspace, you can choose the enhanced IAM experience for it and either create an organization or join an existing one.
Over the next several months, we plan to upgrade all existing Standard Enterprise workspaces to the enhanced IAM experience. If you already own such a workspace, youโll be notified in advance of your upgrade with specific timing. Once the upgrade is complete, that workspace can join an organization.
Next steps
For an overview of the steps involved in setting up organization governance for a sample company, watch the seven-minute video, Getting Started with Organization Governance. For the full details, you can also view the documentation for organization governance.
In over thirty years in the enterprise software industry with mature companies and startups, Paul has held roles both for building products and for bringing them to market. Before joining the marketing team, he led a product management team that built usage and cost analytics for HPE GreenLake. Currently, his primary focus is product marketing for the HPE GreenLake edge-to-cloud platform. Paul also works to make HPE GreenLake messaging clear and consistent across the company. In his off hours, he makes music with the Sacramento, California Americana/rock band The Nickel Slots.
Cloud Services Experts
Hewlett Packard Enterprise
twitter.com/HPE_GreenLake
linkedin.com/showcase/hpe-greenlake/
hpe.com/us/en/greenlake
Cloud_Experts
HPE experts share their insights on how you can transform your business with HPE GreenLake edge-to-cloud platform โ the cloud that comes to you, wherever your apps and data live.
