Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report

Add Varonis to IAM for Better Access Governance

2 min read
Published June 17, 2020
Last updated June 16, 2023

Managing permissions is a colossal job fraught with peril, and over-permissive folders are the bane of InfoSec and a hacker’s delight. Many organizations employ IAM (Identity Access Management) to help manage and govern access to applications and other corporate resources.

One of the challenges that remains after implementing an IAM solution, however, is how to apply its principles to unstructured data. IAM may be able to help you manage group memberships in Active Directory, but can’t tell you which data each group gives access to. It’s like managing the keys on a keyring without knowing which doors they unlock.

Get the Free Essential Guide to US Data Protection Compliance and Regulations

That’s where Varonis comes in. DatAdvantage has a bi-directional permissions view: just double-click on a folder, site, or mailbox to see who has access to it or click on a user or group to see everything they can access – across all your data stores.

Our customers often find that IAM is overprovisioning access based on roles, and Varonis will bring attention to those issues and help you fix them.

Varonis integrates with IAM to enhance and increase their capabilities, bringing together a holistic data security solution.

How Varonis integrates with IAM

Varonis DataPrivilege enhances the IAM process by taking the IT staff out of the approval chain for data access and putting that decision back with the data owners. Once that’s taken care of, you can implement a workflow to maintain least privilege permissions.

Varonis facilitates the integrations with both SOAP and REST API. With the API, you can synchronize managed data with your IAM/ITSM solution, and return instructions to DataPrivilege to execute and report on requests and access control changes. You’ll be able to use the integration to externally control DataPrivilege entitlement reviews, self-service access workflows, ownership assignment, and more.

The integrations allow for several standard use cases:

  • Data-Side Entitlement Review: From the IAM system, a user can request a report of the permissions on a folder for auditing, with options for removal
  • Line Manager User Side Entitlement Review: A manager selects one of their direct reports to pull a list of all groups/permissions that user is a member, and can request changes directly from the list
  • Self Service Access Request Workflow: Users request folder or group access, and DataPrivilege manages the approval process
  • Provisioning/Deprovisioning Workflow: Creating a new user in the IAM triggers a process to provide that user with standard permissions based on their job function, and conversely deprovisioned users get removed from all groups, so there are no orphaned accounts left in groups

Advantages of adding Varonis to your IAM strategy

On top of the IAM integration capabilities, Varonis helps build out a strong data security strategy: adding monitoring, classification, threat detection, and more to your arsenal.

If you have an IAM or you are planning on implementing an IAM as part of your data security initiatives, we’ll show you how to get even more out of your IAM by integrating with the Varonis Data Security Platformclick here for a personalized demo to get started.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading
DSPM Deep Dive: Debunking Data Security Myths
DSPM is the leading acronym in cybersecurity. However, the recent buzz has cluttered the meaning of data security posture management. Let's demystify it.
Speed Data: Rethinking Traditional Cybersecurity Principles With Rick Howard
Rick Howard, author, journalist, and Senior Fellow at the CyberWire, chats about his new book on rebooting cybersecurity principles with Varonis' Megan Garza.
The Benefits of Threat and Data Breach Reports
Threat and data breach reports can help organizations manage security risks and develop mitigation strategies. Learn our three pillars of effective data protection and the benefits from these reports.
Three Ways Varonis Helps You Fight Insider Threats
Insider threats are difficult for organizations to combat. Varonis’ modern cybersecurity answer uses the data security triad of sensitivity, access, and activity to combat threats.