6/13/25, 6:01 PM Managing identity within the modern workplace | Silversands | Certified Microsoft Partner
Managing identity within the modern workplace
In the first of my blogs about identity I wrote about governance. In my second blog I’m going to talk about managing
identities within the modern workplace.
WHAT IS THE MODERN WORKPLACE?
The modern workplace is an environment without physical or logical boundaries and can provide users with flexible
working along with the ability to access and interact with corporate content from wherever is most convenient. This may
include access from the convenience of home, from a public location, using public facilities such as an airport lounge, a
commercial aircraft, or from anywhere else via mobile devices. Because content is stored and accessed from the
internet, it is always available and accessible.
In addition, and from a business perspective, many benefits are created in this working practice, such as business agility.
https://www.silversands.co.uk/resources/managing-identity-within-the-modern-workplace/ 1/7
WHY IS IT IMPORTANT TO ADOPT AN ACCESS STRATEGY FOR SECURITY?
When adopting a Cloud strategy as part of an overarching IT transformation program, or as an enabler to ‘digital
business’ objectives, the fundamental ‘access control’ shifts from that of a traditional firewalling of assets approach to
that of identity management. This shift is so much so, that the term ‘Perimeter’ essentially no longer exists, and is
broadly replaced by the term ‘identity is the perimeter’. Moreover, the security controls and tools that were once used
for perimeter defence are now not good enough to provide enough control in modern IT solutions.
Currently, the strategic option for any business which has this dilemma is to look to adopt an identity and access
management (IAM) strategy, which will allow a new perimeter around corporate access to be created, by strictly
controlling identity access along with identity lifecycle.
As with traditional on-premises access strategies, this is especially important when it comes to controlling access for
former employees and ensuring that these unauthorised users are not allowed continued access to corporate data
within Cloud services after leaving the business. In principle, the only way to govern this area is to utilise a solution which
stores and maintains access control through a centralised identity service, and one which fully provides lifecycle
management.
In a scenario where Azure AD is used as a business’s main Cloud identity store, which is likely already governed by an
on-premises AD via synchronisation, this only deals with half of the issue. The other half is how to control on-going access
to Cloud services, whilst ensuring that security controls are in place to easily and quickly revoke it if necessary, in
addition to bridging technical boundaries such as inter-forest connectivity or inter-platform diversity.
WHY DO I NEED TO PLAN MY SOURCE OF IDENTITY MANAGEMENT FOR THE FUTURE?
When adopting a Cloud strategy, it is important to review the current sources of truth for identity within your business,
as this will provide an understanding of how the business is controlling and will control access to systems and data.
Typically, and in most cases this is managed via a Human Resources (HR) process, either automated or via a manual
process; noting that the former provides the most value both in terms of security and efficiency.
Another key consideration is that the current on-premises HR system may not be on-premises in the future and may
actually be a best of breed SaaS application (such as Workday, UltiPro or other). Moreover, as the adoption of line of
business applications shifts towards a Cloud-first strategy, the underlying identity and access management model should
also be adjusted in alignment with this.
Whilst designing an IAM solution, it may also be useful or necessary to converge or blend user information from multiple
data sources. For example, imagine that data is not contained within Active Directory alone and is instead
held across a Phone system, HR, and Active Directory. In this scenario, it may be useful to determine which data is
relevant for which application and to then use this data meaningfully within Cloud applications and with Cloud identity
lifecycle. This area is something which would ultimately be assessed during the selection criteria and design of such a
solution.
All in all, the objectives or requirements within a business will dictate its long-term strategy; be that by providing more
collaboration with partner organisations or by automating user lifecycle. However, with an ever-evolving Cloud
landscape, one thing is for certain; a business’s identities must be managed now more than ever.
IDENTITY. HOW CAN SILVERSANDS HELP ME WITH THIS?
At Silversands, we understand the importance of selecting the correct long-term IT strategy within a business, especially
in relation to the shift of architecture from that of on-premises to that of the Cloud. Additionally, Silversands has been
working with identity systems for many years and understands the nuances and importance of this element within the
overall foundations of IT solutions.
With the adoption of ‘Cloud-first’ strategies, or even for customers who are caught up by the challenges of unifying their
disparate Directory infrastructures in readiness for a Cloud strategy; these are all areas where Silversands has the
expertise and solutions to assist. Be that domain reconstruction because of a merger or divestiture or for a full identity
management platform design or approach.
In line with this, Silversands has selected best of breed solutions to ensure that its customers can adopt an appropriate
Cloud strategy, whilst ensuring that its architecture is optimised for security and aligned for maximum business agility.
Silversands has two product offerings which are suitable in this regard: Azure AD and Okta.
AZURE AD
Azure AD, as most customers are already aware, is the backbone directory used by Microsoft for Office 365 and other
Azure workloads. This is typically aligned with an on-premises directory using a synchronisation service known as AAD
Connect or in some instances, Cloud provisioning. Typically, customers will utilise Single sign-on (SSO) by utilising either
ADFS or via passthrough authentication and will sign into Azure to access these workloads. With this configuration in
place, this essentially uses Azure AD as an identity provider (IDP) and ADFS as a chained IDP.
In this configuration, Azure AD is also capable of providing some identity management capabilities, in addition to
providing access management/governance, attestation, provisioning and deprovisioning – all available with the Azure P2
license SKU.
Azure AD can also provide JIT provisioning capabilities for first and third party SaaS applications.
Microsoft provides a list of pre-packaged applications which can be selected within the Azure AD gallery and configured
for provisioning, assuming that each supports SCIM (System for Cross-domain Identity Management). In this scenario,
Azure AD acts as a SCIM client but expects any integrated application to provide the SCIM server component. If this is
not the case, the pre-built SCIM provisioning methods are not viable.
Microsoft does not have the most up-to-date catalogue in this regard, and typically this is where Silversands is engaged
to provide assistance, in addition to designing the access and identity platform correctly.
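To make the SCIM client/server split concrete, here is an added example (not Silversands' or Microsoft's code) of the server component an application would have to expose so that a SCIM client can deprovision a leaver. The function names, the in-memory user record and its `sessions` field are hypothetical, and accepting mixed-case `op` values and string booleans is a tolerance choice made for this sketch.

```python
# Added example: SCIM server side of deprovisioning (names are hypothetical).
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def _to_bool(value):
    """Accept JSON booleans and the string forms some clients send."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"'active' must be a boolean, got {value!r}")

def apply_patch(user, body):
    """Apply a SCIM PatchOp to a user record; return (new_user, deactivated)."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    updated = dict(user)  # work on a copy so a failed patch changes nothing
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue  # 'remove' is out of scope for this sketch
        path, value = op.get("path"), op.get("value")
        # With no path, the value is an object of attribute names to values.
        attrs = value if path is None else {path: value}
        if not isinstance(attrs, dict):
            raise ValueError("path-less operation needs an object value")
        for key, val in attrs.items():
            if key.lower() == "active":
                updated["active"] = _to_bool(val)
            else:
                updated[key] = val
    deactivated = bool(user.get("active", True)) and not updated.get("active", True)
    if deactivated:
        updated["sessions"] = []  # revoke live sessions along with the account
    return updated, deactivated

# Constructed sample requests: three shapes that all mean "disable this user".
SAMPLE_REQUESTS = [
    {"schemas": [PATCH_SCHEMA],
     "Operations": [{"op": "replace", "path": "active", "value": False}]},
    {"schemas": [PATCH_SCHEMA],
     "Operations": [{"op": "Replace", "path": "active", "value": "False"}]},
    {"schemas": [PATCH_SCHEMA],
     "Operations": [{"op": "replace", "value": {"active": False}}]},
]

if __name__ == "__main__":
    leaver = {"id": "u1", "userName": "leaver@example.test",
              "active": True, "sessions": ["s-1", "s-2"]}
    for request in SAMPLE_REQUESTS:
        new_user, off = apply_patch(leaver, request)
        print(off, new_user["active"], new_user["sessions"])
```

An application that silently ignores any of these request shapes leaves the former employee's account active even though the identity provider reports the deprovisioning as sent.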
OKTA
Okta is a Cloud (SAAS) solution which has been developed specifically for Cloud architecture from the ground up,
thereby making it uniquely positioned within the market. It provides the most fully featured Cloud identity solution,
providing Single sign-on, Multi-factor authentication, and flexible lifecycle management. Its main selling point is being
able to act as an abstraction layer for connecting disparate directories together, whilst providing translation between
each. This abstraction layer allows Okta to integrate with any directory, be that Active Directory, LDAP/Linux, CSV, or
using a hosted LDAP interface. This enables flexibility, facilitating identities from any existing solution, culminating in the
ability to consolidate many different directory identities, or perhaps where directories are not connected together.
Okta is also able to integrate with the best of breed security SaaS products, be that CASB vendors, IGA vendors, SIEM
vendors, and so on (M&A).
WHAT SCENARIOS COULD THESE PLATFORMS HELP ME WITH?
SCENARIO ONE
If a customer is planning to adopt Office 365 or has already done so, the architecture to enable a customer to leverage
the abilities of Azure Active Directory already exists and can therefore be utilised to deliver a Cloud access platform,
assuming that an Azure P2 license will be procured or is in place already.
The next step within this journey will be to review requirements for ‘Cloud Access’ within the business, and in Silversands’
experience will include the following:
- How will access to applications be secured (MFA, Conditional Access)?
- Do the selected application vendors support modern SSO protocols (OAuth, SAML) and do they also support
  provisioning and deprovisioning (SCIM)?
- How will applications be managed (By role)?
- How will application access be attested?
- How will Guest access be controlled?
- How will Groups be controlled?
SCENARIO TWO
Imagine the scenario below wherein multiple infrastructures are in place within a business, which may exist due to
acquisition, financial or geographic operational business models, but regardless are difficult to manage. Each of these
business divisions has its own directories, representing its identities (users), along with independent systems and
access controls to provide governance.
As you can imagine, this situation presents many challenges in terms of providing a holistic collaborative solution across
the entire business, in addition to the adoption of centralised applications or Cloud technologies.
This situation is far from unique in Silversands’ experience and is one which has many variations and nuances.
To help resolve this scenario, and at a basic level, one possible solution is shown below and depicts the creation of a
new identity layer which sits above each of the business divisions.
On the diagram, this has been labelled as an ‘identity abstraction layer’, and essentially provides a ‘virtual glue’ allowing
centralised services in the cloud or on-premises to be delivered and managed securely from one place, with one identity
and with single sign-on capabilities.
By providing this layer, cross-business collaboration is possible, in addition to providing a single directory of information
for an entire business.
Additionally, the information contained within this abstraction layer can then be utilised to control or populate data
within Cloud applications, which in turn will unify governance and compliance.
Conversely, and if we turn this diagram on its head, it may also be that the identity abstraction layer is populated
by a cloud identity – such as a SaaS HR solution, which in turn will provision users and services within each required
system, be that Cloud or on-premises.
IN MY THIRD AND FINAL BLOG IN THIS SERIES I WILL BE WRITING ABOUT SPECIFIC
GOVERNANCE AROUND IDENTITIES WITH A FOCUS ON SYNTHETICS (BOTS, APIS,
MACHINES).
WHAT NEXT?
For more information on Azure AD identity or Okta Cloud identity management or for technical expertise relating to
mergers and acquisitions, please contact Silversands who will organise a follow-up activity with one of its Consultants.
Silversands is a Microsoft Gold Partner of over 30 years standing, which specialises in Microsoft 365 delivered across
cloud (Azure) and hybrid IT infrastructures. We provide consultancy, support and user adoption services. We are
running a series of webinars this quarter and our experts produce frequent blogs. So do follow us.