Univention App Highlights: Enhancing Office Solutions Through Advanced IAM Integration

Welcome back to our journey into the world of Univention apps! In this blog
series, we regularly present exciting applications from our App Center. In our
second episode, we're diving into IAM integration with two key connectors: the
Microsoft 365 Connector and the Google Workspace Connector. These apps build
bridges and facilitate exchange between your UCS environment and these
essential cloud office solutions.

Office in a Browser: Balancing Necessity with Compromise

Microsoft 365 and Google Workspace have become the go-to platforms for
businesses of all sizes. These cloud-based office solutions are notably
practical, offering easy browser access from various devices, an extensive
array of collaboration tools, and scalable options—a key benefit for expanding
companies. Despite their convenience and ability to cover essential business
requirements, these cloud services are not without their flaws, often
considered a "necessary evil".

The platforms bind companies to their respective ecosystems, creating
dependencies. This connection to a single provider limits choices and raises
significant concerns regarding security and data protection, issues that often
trouble decision-makers and users alike. Neither Microsoft 365 nor Google
Workspace is immune to security vulnerabilities, and the centralized cloud
storage of sensitive corporate data continuously presents a risk.

For those who can't or prefer not to eliminate cloud services from their
operations, finding a way to mitigate security risks without compromising
efficiency and functionality is crucial. This is where effective Identity and
Access Management (IAM) comes into play. Univention Corporate Server offers
a range of robust and powerful IAM functions along with corresponding
connectors that make it easy and secure for users to access the cloud
office—introducing our two apps: the Microsoft 365
Connector and the Google Workspace Connector.

Microsoft 365 Connector

This app serves as a vital link between your UCS domain and the Microsoft 365
platform. It efficiently synchronizes user accounts and groups from the UCS
directory service to Microsoft Entra ID, previously known as Azure Active
Directory, Microsoft's identity and access management service. Our connector
ensures a smooth transition for all users, enabling them to log into MS 365
using their UCS credentials through Single Sign-on (SSO). It's an optimal
solution for companies and organizations that leverage Univention Corporate
Server for IAM while also wanting to tap into the capabilities of the
Microsoft cloud.

Here is an overview of the features:

  • Synchronization: This feature enables administrators to seamlessly add, update, or remove selected UCS users from the Microsoft 365 Azure account. User management is simplified because little to no manual intervention is required, and the user base is always up to date in both systems.
  • Single Sign-on (SSO): The SSO capability provides straightforward access to the cloud platform. Users can log in using their UCS credentials, granting direct access to all MS 365 functionalities. Importantly, the user's password always remains within the UCS domain.

Setting up the Microsoft 365 Connector

Before you begin installing the app from our App Center, there are a few
essential steps to complete. Firstly, you'll need a Microsoft 365
administrator account and an account with Microsoft Entra (formerly Azure
Active Directory). If you don't already have these, they can be provided by
the manufacturer free of charge for testing purposes. In addition, a domain
verified by Microsoft is required to ensure your organization operates under a
secure and recognized domain. Lastly, you will need a Microsoft 365 business
subscription, which is also available as a free trial. Please note that
connecting with a private Microsoft account is not an option.

Our manual describes the exact steps for configuration in the Microsoft 365
Connector chapter. Once you're ready, proceed with installing the app. A
user-friendly setup wizard is provided to guide you through all the necessary
steps to get you up and running.

All other adjustments are made through the Users module of the Univention
Management Console (UMC). Within this module, you'll notice a new tab
labeled Microsoft 365 for each user profile. It's important to remember that
any modifications made to user data in UCS will automatically be replicated in
Microsoft Entra ID. However, the process isn't bidirectional; changes made
directly in MS Entra won't sync back to UCS. If users or groups are
deactivated or renamed there, they aren't deleted but merely deactivated,
enabling the reallocation of their licenses as needed.

Since 2021, the connector has expanded its capabilities to include support for
collaboration with MS Teams. This feature allows UCS groups to be established
as Teams within Microsoft 365, all managed via the UMC. During the setup
process, you'll assign a team owner who will then handle additional
configurations directly in the Teams interface. Once you've activated a UCS
group as a Team in Microsoft 365, its members are automatically added to the
new team.

Google Workspace Connector

This app acts as a gateway to Google's cloud services, ensuring user
identities stay safely within your own IT infrastructure. This allows for
complete control over user data. The connector is compatible with both the
business edition of Google Workspace, ideal for companies with up to 300
users, and the education version, designed for educational institutions.
Thanks to the single sign-on feature, user passwords are securely contained
within the UCS domain, maintaining the security of sensitive access
information in your environment.

Key Features Include:

  • Single Sign-on (SSO): Enables users to log in using their UCS credentials, providing direct access to all Google Workspace functionalities. The user password always stays secure within the UCS domain; users do not need to create and manage their own Google account.
  • Central License Management: This feature allows administrators to effortlessly monitor and manage licenses and associated costs.

Setting up the Google Workspace Connector

To set up the Google Workspace Connector for your UCS environment, begin by
ensuring you have a Google administrator account. This account is needed to
log in to the Google Admin Console, where you can manage Google services for
all users in your organization. Note that a private Google account will not
suffice for this purpose. Additionally, you'll need a domain verified by
Google. Fortunately, both can be obtained from the provider at no cost for
testing purposes.

After installing the Google Workspace Connector app, a setup wizard will
launch, guiding you through the initial configuration steps.

The remaining configuration steps for the Google Workspace Connector are
conducted via the Users module in the Univention Management Console (UMC).
For all user objects, there is now a new tab called Google Apps which allows
you to designate whether an account should be provisioned to Google Workspace.
Any changes made in the UCS directory service are automatically synchronized
with the Google service. Similar to the Microsoft 365 Connector, this
synchronization is unidirectional, meaning that modifications made in the
Google domain are not automatically transferred to the UCS system. If you
deactivate an account’s Google Apps feature in UCS, it will automatically be
removed from the Google domain. This mechanism ensures that user information
remains consistent and up-to-date across both systems.

For more information about the setup, please read the Google Apps for Work
Connector chapter in our manual.

Final Thoughts: Join the Conversation in Our Community

Wrapping up, we're left with an important question: Is identity and access
management like this really the best way to go? Does the ease it brings make
up for being tied to certain platforms and the security worries that might
come with it? For companies and organizations that can't let go of Microsoft
or Google cloud services, our connector apps are a solid and secure choice for
both users and admins. And if you're thinking of moving away from the big
cloud providers, our App Center is full of collaboration and office tools
under open source licenses that fit right into the UCS environment.

What's been your journey with Univention Corporate Server as an IAM solution?
Have you tried out any of the connectors we talked about in this article? We'd
love to hear about your experiences. Share your stories with us and the
community.

Visit the Forum Univention Help and become a
part of our community!

Image source: Icon created by
Freepic from flaticon.com

The post Univention App Highlights: Enhancing Office Solutions Through
Advanced IAM Integration first appeared on Univention.

Posted by SourceForge Robot 2024-03-20
