Automation in Rescue for On and Offboarding

Now let’s look at two examples for how to add automation into on/offboarding to better follow the Principle of Least Privilege.

Syncing with Microsoft Entra ID (fka Azure Active Directory) allows you to automatically create and manage Admins, Master Admins, and techs directly in Microsoft and then sync them to Rescue. This eliminates duplicate work and the need to manage users in multiple systems.

Aside from offboarding, syncing with Microsoft Entra ID can also simplify permissions and group management. Since the user groups sync with Rescue, you don’t have to reassign the same techs to groups within Rescue. This reduces the risk of accidentally giving an agent too many permissions.

Below are a few things you can do with this feature:

Onboard and offboard of techs and admins 
Distribute users across multiple groups
Define appropriate subgroups when importing or syncing users

IAM vs IdP vs SSO: A quick breakdown

IAM stands for Identity and Access Management, and refers to the broad category of solutions used to manage user access and user identities.

IdP stands for Identity Provider, and is a subcategory within IAM. Also known as directory services, an IdP focuses on managing core user identities, and serves as the source of truth for authenticating users across platforms.

SSO stands for Single Sign On is generally the only thing end users see, as it simply refers to the unified place where users go to sign in. While some IdP providers also have an SSO, SSO as a standalone does not store user identities, but rather serves as the middleman that cross references a user login with the IdP to make sure it’s legitimate.

Even if you don’t use Microsoft Entra ID, you can still manage user accounts in Rescue using your preferred identity provider (IdP). To do this, Rescue works with these providers via Single Sign On (SSO).

While groups and permissions don’t sync, offboarding the account itself in your IdP will disable access to Rescue via SSO. 