Workforce Identity and Access

Workforce Identity and Access is a shared, centralized authentication and authorization capability. It is a platform that provides authorization, roles and groups, enforces security policies, installs and updates software, and assists with workforce identity management. It provides technology for single-sign-on (SSO), extensions to cloud services for authentication, cross-organization collaboration with separate M365 instances, and guest accounts for external identities.

More details and prices are available below for each type of identity provided:

  • Enterprise Active Directory (EAD) – a centralized service used for authentication and authorization of users and computers.
  • Active Directory Federation Services (ADFS), migrating to Entra ID – a cloud-based identity and access management service that secures access to applications and extends the ability to use SSO.
  • Azure Active Directory (AAD) – a cloud-based identity and access management service used to manage user identities and secure access to resources both on-premises and in the cloud.
  • Business-to-Business (B2B) – a feature that facilitates secure collaboration between your organization and external partners, clients, and vendors.
  • Active Directory Synchronization Services (ADSS) – used to synchronize identity data between on-premises environments and cloud services. It ensures that user identities, groups, and other directory objects are consistent across different environments.
  • Azure Domain Controllers (DC) – essential for organizations to extend their on-premises Active Directory infrastructure to the cloud. They provide centralized authentication and authorization services for users and computers within an Azure environment.

Enterprise Active Directory (EAD)

Enterprise Active Directory (EAD) is a shared employee directory for state employees. Directory information includes work addresses, email addresses, phone numbers and other information.

State agencies using EAD can share information and resources across the network while still operating as individual departments.

Features/Benefits:

  • The EAD allows agencies to work together more easily in a common environment.
  • Basic business functions are simplified, such as the ability to schedule meetings.
  • EAD consolidates information technology resources across state government to standardize, streamline and reduce costs, enabling our partners to focus on the delivery of public services.
  • Sharing technology, services, software and expertise can result in significant savings.

| Description | Enterprise Active Directory Fee |
|---|---|
| Shared Domain | N/A |
| Agency Hosted Domain | $1,000 per month |


Active Directory Federation Services (ADFS)

Active Directory Federation Services (ADFS) provides single-sign-on (SSO) technologies to authenticate a user to multiple Web applications (either on or off premises) over the life of a single online session. ADFS accomplishes this by securely sharing digital identity and "claims" across security and enterprise boundaries.

A claim is a statement about a user that is used for authorization purposes in an application. ADFS brokers trust between different entities by allowing the trusted exchange of arbitrary claims that contain arbitrary values. The receiving party uses these claims to make authorization decisions.

What does this mean? It means a user only signs on (authenticates) once and then that sign-on is shared securely with other applications, as opposed to signing on to each application every time the user wishes to use them. This concept is called single sign-on and ADFS makes this possible.

Examples of where WaTech has used ADFS to establish single-sign-on capabilities include HRMS (an on-premises application) and Apptio, ServiceNow, and Salesforce (cloud-based solutions).

The WaTech ADFS service is available to members of the Enterprise Active Directory (EAD). 

Notice to customers:

WaTech is working with customer agencies to migrate applications from Active Directory Federation Services (ADFS) to Entra ID Federation (formerly known as Azure AD). The goal is to migrate all eligible applications by December 2024.

Features & Benefits

  • SSO gives the user the ability to access multiple applications by signing on once.
  • SSO improves efficiency while maintaining security.
  • This service comes bundled with membership in the EAD.

Pre-Service Requirements

Your organization must be a member of the Enterprise Active Directory (EAD) to use this service.


Azure Active Directory (AAD)

To use Azure Active Directory (AAD), you must be a current EAD customer. AAD is a shared flat employee directory for state employees. Directory information includes work addresses, email addresses, phone numbers and other information.

State agencies using AAD can share information and resources across the network while still operating as individual departments.

Features/Benefits:

  • AAD is a Microsoft cloud-based identity and access management service, associated with the Enterprise Shared Tenant.
  • AAD is part of the current M365 G5 license SKU and provides access to resources for internal and external entities.


Business-to-Business (B2B)

Business-to-Business (B2B) Guest Accounts are available to existing EAD and AAD customers.

Features/Benefits:

  • B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization.
  • With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.
  • Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources.
  • This service is available at no extra cost, due to the current M365 G5 license SKU. Only members of the Guest Inviter Role can invite guests into AAD.


Active Directory Synchronization Services (ADSS)

Active Directory Synchronization Services (ADSS) is a service hosted by Microsoft that runs in the Azure cloud. All configuration work is handled by the ADSS engineers. MCS provides consulting, support, licenses, and compute resources, including monitoring and patching. ADSS consolidates Azure Active Directory (AAD) into a single, simplified Active Directory better suited for integration with the cloud. ADSS enables a single unified global address list (GAL) between two or more AAD tenants.

ADSS allows organizations to operate independently while retaining the ability to collaborate with multiple AAD tenants. ADSS syncs users, groups, and contacts between multiple AAD tenants to enable cross-organization collaboration within separate M365 instances.


Azure Domain Controllers (DC)

Azure Domain Controllers (DC) is a service hosted by WaTech in Azure that provides agencies with an extension of EAD for cloud services. Agencies can connect via VPN from their existing Azure or AWS environments to take advantage of domain services. The service fees include the pre-prod and production environments.

You must be a current EAD customer.

Features/Benefits:

  • Reduce operational and maintenance costs associated with managing identity infrastructure for your virtual machines and legacy applications.
  • Easily migrate on-premises apps and run legacy applications in the cloud.
  • Ensure business continuity with guaranteed service uptime and resilience to failures.

Pricing:

| Description | Fee |
|---|---|
| Base Azure DC Root | $1550 per month |
| Agency dedicated hosted DC in Azure | $550 per month |
