Surprisingly Simple - Identity Governance in Azure AD

Scenario

One of my clients had several requirements related to identity and access management for users belonging to their organization, users belonging to their partner organization, and users synchronized from on-premises Active Directory Domain Services (aka Windows Active Directory).

In this post I will take each of the above requirements and explain the solutions offered by Azure AD, as well as show you how to implement them.

Scenario-1: Application and User access management for cloud identities (users belonging to client's own organization)

  • The client had several Enterprise Applications, User Groups, and SharePoint Online sites.

  • The client wanted to provide access to the above-mentioned applications, user groups and SP Online sites on demand (aka access request), without the intervention of the IT team.

  • For certain applications and SP Online sites the client wanted to implement approval workflows, and for some of them automatic approval.

  • The client had 250 users who were to be managed using Entitlement Management via the Identity Governance feature.

Prerequisites for Scenario-1

  • Licensing requirements

  • The client needs to have an Azure AD Premium P2 or Enterprise Mobility + Security E5 license

  • License and registration of SaaS / Custom Applications in Azure AD

  • As many licenses as required for:

      • Member users who can request an access package.

      • Member users who request an access package.

      • Member users who approve requests for an access package.

      • Member users who review assignments for an access package.

      • Member users who have a direct assignment or an automatic assignment to an access package.

What will you need to develop a Proof Of Concept (PoC) for scenario-1

  • Global Administrator privileges for Azure AD tenant

  • License as mentioned above (you can use the trial version of the Azure AD P2 license - watch the video below)

  • Applications you want to include in Access Package

  • Test User Account in Azure AD

  • Test Group in Azure AD

For this scenario we will see an example of registering a SharePoint Online site in the access package and then configuring the access package so that it can be requested (in other words, a user may request access through the access package).


Create and Configure Catalog & Access Package using Azure AD Identity Governance

Watch the video below to learn how to create and configure:

  • Catalog

  • Access Package
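
The catalog, the access package and a request policy with an approval step can also be scripted with the Microsoft Graph PowerShell SDK. The script below is an added example, not taken from the video or the client's tenant; the display names, the approver UPN, the 90-day expiration and the 7-day approval timeout are placeholder assumptions, and adding the SharePoint Online site to the catalog as a resource is not covered.

```powershell
# Added example: every name, the UPN and both durations are placeholders.
Import-Module Microsoft.Graph.Identity.Governance, Microsoft.Graph.Users
Connect-MgGraph -Scopes 'EntitlementManagement.ReadWrite.All', 'User.Read.All'

# 1. Catalog: the container that holds resources and access packages.
$catalog = New-MgEntitlementManagementCatalog -BodyParameter @{
    displayName         = 'PoC Catalog'
    description         = 'Resources for the Scenario-1 proof of concept'
    isExternallyVisible = $false   # Scenario-1 covers the tenant's own users only
}

# 2. Access package inside that catalog.
$package = New-MgEntitlementManagementAccessPackage -BodyParameter @{
    displayName = 'SharePoint Developer Site access'
    description = 'Requestable access to the SharePoint Online developer site'
    catalog     = @{ id = $catalog.Id }
}

# 3. Request policy: member users may self-request, one named approver decides.
$approver = Get-MgUser -UserId 'approver@contoso.example'   # placeholder UPN
$policy = @{
    displayName        = 'Members request, single approver'
    description        = 'Self-service request with one approval stage'
    allowedTargetScope = 'allMemberUsers'      # excludes guest accounts
    expiration         = @{ type = 'afterDuration'; duration = 'P90D' }
    requestorSettings  = @{
        enableTargetsToSelfAddAccess    = $true
        enableTargetsToSelfRemoveAccess = $true
    }
    requestApprovalSettings = @{
        # For the automatically approved packages set this to $false
        # and pass an empty stages array instead.
        isApprovalRequiredForAdd = $true
        stages = @(@{
            durationBeforeAutomaticDenial   = 'P7D'   # unanswered requests are denied
            isApproverJustificationRequired = $true   # keeps a reason in the audit trail
            isEscalationEnabled             = $false
            primaryApprovers = @(@{
                '@odata.type' = '#microsoft.graph.singleUser'
                userId        = $approver.Id
            })
        })
    }
    accessPackage = @{ id = $package.Id }
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $policy |
    Select-Object Id, DisplayName
```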


Testing Identity Governance feature - Access Package

After we have configured the access package we want to test it to confirm that it works as expected.

  • Request Access via My Access Portal link

  • Access the application (in our case SharePoint Online Developer Site)


Conclusion - Scenario-1

  • We can create an access package to automate identity governance and configure role assignment, group access, and application access.

  • We have granular control over the several features of an access package.

  • Multiple access packages can be created for specific scenarios and put in a catalog.


Hi, I'm Nived Varma
