DekkoSecure natively supports Azure Active Directory integration. Custom integrations with alternative SSO services such as Okta are supported on a per-engagement basis. Please contact us for more information.
Critically, AAD integration is for authentication only. Access to content such as files and organisational governance is managed by the DekkoSecure application (via sharing permission and Tenancy controls).
Users that authenticate using SSO are able to interact with SSO and non-SSO user respectively, and if a client begins their DekkoSecure without SSO, exisiting users can be automatically migrated to SSO, retaining their files, contacts and Hub membership(s).
Deleting an SSO user will delete their files, avoiding malicious account takeover.
DekkoSecure is able to be added to your Azure AD as an enterprise/third party application. Integration is done via a permissions request link which we will prepare and send to your administrative team following the receipt of your AAD tenant ID.
A formalised testing procedure covering auto-provisioning, account migration and account recreation for deleted accounts follows.
Please contact DekkoSecure for more information.
Group Access Controls
There are multiple options for granting personnel access to register and log in to DekkoSecure, described in the Microsoft documentation page here.
Access to a resource (DekkoSecure) can be assigned on an individual basis, to all users in an AD, or users in a group. DekkoSecure recommends the group option, as this provides the most precise control. Steps for creating a group are here.
If your organisation has already established user groups and wants to grant DekkoSecure access to a subset of those users, groups can be created within groups by following these steps. Finally, to grant DekkoSecure application access to the group, follow these steps.
Optionally Conditional Access controls can be set up to limit where/when/how a user can access DekkoSecure, for example, within the organisation’s network, only during business hours, or with a strict authentication type.
Existing Account Migration
If your organisation started using DekkoSecure with ‘Personal’ logins for users, accounts are automatically migrated the next time they log in after integration.
For example if a ‘Personal’ DekkoSecure log in, ‘email@example.com’ exists and an AAD integration is established, the next time this user authenticates using the AAD account ‘firstname.lastname@example.org’, all data such as groups, files, messages, contacts and meetings will remain. The only difference will be the way the user is authenticated in to DekkoSecure. The ‘Personal’ DekkoSecure log in for this user will also no longer work.
Users external to an AAD-integrated organisation do not need to be in a common AAD to internals - any mix of users from different organisations with different authentication methods can interact freely on DekkoSecure.