Azure Integration Overview
The scope of this guide is to help you enhance Ivanti Workspace Control with the following Microsoft Azure capabilities:
- Enabling Workspace Control to save user settings to Azure blob storage, a cloud-based storage solution from Microsoft.
  User settings are synchronized between the local file system and the Azure blob storage at the start and at the end of user sessions managed by Workspace Control.
- Enabling Workspace Control to access and utilize Azure AD users and groups.
  Workspace Control can deliver applications and resources based on user and group information retrieved from the Azure AD.
This solution enables Workspace Control to save user settings to the Azure blob storage resource and consists of the following components:
- One or more Azure tenants
  An Azure tenant represents a single organization, where all users for that organization reside.
- One or more Azure blob storage accounts
  The blob storage account hosts the Workspace Control user settings in the Azure cloud environment.
- Workspace Control Composer
  The Composer synchronizes user settings between the user's local machine and the Azure blob storage during the start and the end of Workspace Control managed sessions, or during sessions at defined cache intervals.
- Workspace Control Web Service
  The Web Service is an Azure App Service that authenticates the Workspace Control user with the Azure tenant using shared access signature (SAS) tokens.
  For more information about SAS, see the following Microsoft article:
  https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
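Because a SAS token carries its own scope, permissions and lifetime in the URL query string, those fields can be reviewed before a token is trusted. The following Python check is an added example, not Ivanti or Microsoft code; the policy limits, the storage account and container names, and the sample URLs are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Policy values are assumptions for this example, not Ivanti or Microsoft defaults.
MAX_LIFETIME = timedelta(hours=8)   # roughly one working session
EXPECTED_PERMS = set("rwcdl")       # read, write, create, delete, list

# Constructed sample data; account, container and signature are placeholders.
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
SCOPED = ("https://examplesettings.blob.core.windows.net/usersettings?sv=2022-11-02&sr=c"
          "&sp=rwl&st=2024-01-01T08:00:00Z&se=2024-01-01T12:00:00Z&spr=https&sig=CONSTRUCTED")
BROAD = ("https://examplesettings.blob.core.windows.net/?sv=2022-11-02&ss=b&srt=sco"
         "&sp=rwdlacup&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")

def parse_sas_time(value):
    """Parse a SAS st/se value (ISO 8601, UTC) into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now=None):
    """Return findings for one SAS URL; an empty list means nothing was flagged."""
    now = now or datetime.now(timezone.utc)
    # Keep the first value of each parameter; the sig value is never logged or returned.
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    if "ss" in q or "srt" in q:
        findings.append("account SAS: scope is wider than one container or blob")
    extra = set(q.get("sp", "")) - EXPECTED_PERMS
    if extra:
        findings.append("unexpected permissions: " + "".join(sorted(extra)))
    if q.get("spr", "https,http") != "https":   # an omitted spr defaults to https,http
        findings.append("spr does not restrict the token to HTTPS")
    if "se" in q:
        expiry = parse_sas_time(q["se"])
        start = parse_sas_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token is already expired")
        elif expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds MAX_LIFETIME")
    elif "si" not in q:
        findings.append("no expiry and no stored access policy (si)")
    return findings

if __name__ == "__main__":
    for sample in (SCOPED, BROAD):
        print(urlsplit(sample).path, audit_sas_url(sample, now=NOW))
```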
The following illustration provides an overview of how the different components interact:
This solution enables Workspace Control to utilize Azure AD users and groups like any other supported Directory Service and consists of the following components:
- One or more Azure tenants
  An Azure tenant represents a single organization, where all users for that organization reside.
- One or more Azure application registrations
  The registered application uses the Microsoft Graph API to access Azure AD user and group information and delivers this information to the Workspace Control Composer.
- Workspace Control Composer
  The Composer deploys applications, printers, menu items and settings to which the end user is granted access based on their Azure AD membership.
The following illustration provides an overview of how the different components interact:
When configuring advanced detection for connection states under User Context > Connection States, keep in mind that Microsoft Azure is a cloud service. Such configurations can impact the performance and functionality of the Azure User Settings and Azure Active Directory integrations.
For more details about Connection States, see the Ivanti Workspace Control Administration Guide.