How do ITAM tools typically integrate with on-premises Active Directory in cloud deployments, and how does InvGate handle this?
In cloud-based ITAM platforms, direct connectivity to on-premises Active Directory is usually avoided for security reasons. Instead, vendors rely on a secure intermediary service to bridge the cloud platform with internal directory services. InvGate Asset Management uses the InvGate Connector, an on-premises component included with the subscription, to establish a secure LDAP connection to Active Directory. All communication between the Connector and the InvGate cloud instance is encrypted, allowing organizations to synchronize users and directory data without exposing AD directly to the internet.
What happens to ITAM authentication and provisioning when an organization migrates from on-prem AD to Azure AD (Entra ID)?
In hybrid identity scenarios, ITAM tools must support a phased transition rather than a "rip and replace" approach. With InvGate Asset Management, organizations can maintain LDAP-based provisioning from on-prem AD while switching authentication to SAML-based SSO via Entra ID. As identity maturity increases, provisioning can later migrate to SCIM, reducing dependency on LDAP. This staged approach minimizes disruption, avoids duplicate users, and supports long-term cloud identity strategies.
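A pre-cutover check for the staged approach above, as an added example (not InvGate code): it compares the NameID values an IdP would send in SAML assertions against the attribute already synced over LDAP, so mismatches that would leave duplicate or orphaned accounts surface before SSO is switched on. The sample records, the `reconcile` helper, and the case-insensitive matching rule are assumptions; the page does not state which attribute InvGate matches on.

```python
from collections import defaultdict

# Constructed sample: accounts already provisioned from on-prem AD over LDAP.
LDAP_USERS = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example",
     "mail": "John.Doe@corp.example"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example",
     "mail": "asmith@corp.example"},
    {"sAMAccountName": "svc-scan", "userPrincipalName": "svc-scan@corp.local",
     "mail": ""},
]
# Constructed sample: NameID values the IdP would place in SAML assertions.
SAML_NAMEIDS = ["JDoe@corp.example", "asmith@corp.example", "mlee@corp.example"]


def normalize(value):
    # Assumption: identifiers are compared case-insensitively after trimming.
    return value.strip().casefold()


def reconcile(ldap_users, saml_nameids, match_attr):
    """Compare SAML NameIDs with one LDAP attribute and report mismatches."""
    index = defaultdict(list)
    for user in ldap_users:
        key = normalize(user.get(match_attr, ""))
        if key:  # accounts with an empty attribute can never match
            index[key].append(user["sAMAccountName"])
    report = {"matched": {}, "unmatched_nameids": [], "ambiguous": {}}
    seen = set()
    for name_id in saml_nameids:
        accounts = index.get(normalize(name_id), [])
        seen.update(accounts)
        if len(accounts) == 1:
            report["matched"][name_id] = accounts[0]
        elif accounts:  # one NameID maps to several provisioned accounts
            report["ambiguous"][name_id] = sorted(accounts)
        else:  # no provisioned account: risk of a second, duplicate user
            report["unmatched_nameids"].append(name_id)
    # Provisioned accounts that no SSO identity maps to (orphans to review).
    report["no_sso_identity"] = sorted(
        u["sAMAccountName"] for u in ldap_users
        if u["sAMAccountName"] not in seen)
    return report


if __name__ == "__main__":
    for attr in ("userPrincipalName", "mail"):
        print(attr, reconcile(LDAP_USERS, SAML_NAMEIDS, attr))
```

Running it against both candidate attributes shows how the choice of matching attribute changes which accounts line up, which is the decision to settle before authentication moves to the IdP.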
Does InvGate support Single Sign-On (SSO), and which standards are commonly used in ITAM platforms?
Modern ITAM platforms typically rely on industry-standard identity protocols rather than proprietary authentication. InvGate Asset Management supports SAML 2.0 and OpenID Connect (OIDC), enabling SSO with providers such as Azure AD / Entra ID, Okta, Google Workspace, and other compatible identity platforms. This allows organizations to centralize authentication policies, enforce conditional access, and simplify user access management. SSO is available in Pro and Enterprise tiers.
How is Multi-Factor Authentication (MFA) handled in ITAM environments?
MFA is generally enforced at the identity provider level rather than inside the ITAM tool itself, ensuring consistency across applications. InvGate Asset Management supports MFA by integrating with SSO providers that enforce MFA policies, allowing organizations to apply the same authentication controls used across their broader SaaS ecosystem. This approach avoids fragmented MFA configurations and aligns ITAM access with enterprise security standards.
Can ITAM tools separate authentication from authorization?
Yes—and this distinction is critical in mature environments. In InvGate Asset Management, authentication is handled through directory services and SSO providers, while authorization is managed internally through role-based access control (RBAC) and tag-based permissions. This separation allows organizations to centralize identity while maintaining granular control over who can view, modify, or act on specific asset data.