What measures does Right-Hand implement to ensure data privacy while performing Azure-AD Sync?
Written by Uzair Ahmed
Updated over a week ago

Our Azure AD integration is designed to ingest user data from Azure AD into the Right-Hand platform without exposing more of your directory than the sync needs. This article explains how the integration limits privacy and exposure risk, and how Azure OAuth-based access keeps the data permissions granular.

Leveraging Azure AD's Robust RBAC System

We rely on Azure AD's permission model to obtain the access required to read user data. The integration authenticates through Azure OAuth: an administrator in your tenant who holds a role allowed to grant consent approves a specific set of permissions, and Azure AD then issues tokens to Right-Hand that carry only those permissions. This establishes a trusted relationship with Azure AD in which Right-Hand can read exactly what the granted permissions allow, and nothing else.

The Right-Hand platform only requests the minimum permissions necessary to synchronize user information from Azure AD to the Right-Hand portal. The permissions we require are as follows:

Read All Users: This permission allows us to sync user data from Azure AD to the Right-Hand platform. It is read-only; it does not allow us to modify user information. The fields accessed are the same ones your company would otherwise provide through a CSV import.

Read All Groups: With this permission, we can retrieve group-related information, providing our users with a list of groups they can select from to synchronize only specific users.

Read All Domains: This permission enables us to gather domain-related data, allowing your company to sync only those users associated with selected domains to Right-Hand.

Read and Write All Administrative Units: This permission allows us to access administrative unit data. Administrators can use this data to filter and sync only those users belonging to selected administrative units. Note that, unlike the three permissions above, this is a read/write scope; review it when granting consent so that your administrators are aware it is broader than read-only.
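As an added illustration (not code from the article or from the Right-Hand product), the following Python script shows how a tenant administrator can audit an access token issued to the integration and confirm that it carries exactly the permission set listed above, nothing more and nothing less, and which of those scopes are write scopes. It assumes the four display names above correspond to the Microsoft Graph permission names User.Read.All, Group.Read.All, Domain.Read.All and AdministrativeUnit.ReadWrite.All; the tokens it inspects are constructed samples, and it decodes the payload only, without verifying the signature, so it is an inspection aid rather than token validation.

```python
import base64
import json

# Assumed mapping of the article's display names to Microsoft Graph
# permission names. This is the least-privilege set the sync is documented
# to need; anything outside it is over-consent.
EXPECTED_SCOPES = {
    "User.Read.All",
    "Group.Read.All",
    "Domain.Read.All",
    "AdministrativeUnit.ReadWrite.All",
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def token_permissions(token: str) -> set:
    """Return the Graph permissions carried by a compact JWT.

    Delegated tokens carry a space-separated 'scp' claim; app-only tokens
    carry a 'roles' list. Only the payload is read; the signature is NOT
    checked (assumption: this is an offline audit of a token you already
    obtained legitimately, not a replacement for validation).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = json.loads(_b64url_decode(parts[1]))
    perms = set(payload.get("scp", "").split())
    perms.update(payload.get("roles", []))
    return perms


def audit(token: str, expected=EXPECTED_SCOPES) -> dict:
    """Compare the token's permissions with the documented minimum set."""
    granted = token_permissions(token)
    return {
        "granted": sorted(granted),
        "missing": sorted(expected - granted),   # sync would break
        "excess": sorted(granted - expected),    # over-consent to revoke
        "write": sorted(p for p in granted if "ReadWrite" in p),
    }


def _make_token(payload: dict) -> str:
    """Build an unsigned JWT-shaped string for the constructed samples."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample: app-only token with exactly the documented set.
SAMPLE_OK = _make_token({
    "aud": "https://graph.microsoft.com",
    "roles": sorted(EXPECTED_SCOPES),
})

# Constructed sample: delegated token that was over-consented
# (User.ReadWrite.All instead of User.Read.All, plus Directory.Read.All).
SAMPLE_EXCESS = _make_token({
    "aud": "https://graph.microsoft.com",
    "scp": "User.ReadWrite.All Group.Read.All Domain.Read.All "
           "AdministrativeUnit.ReadWrite.All Directory.Read.All",
})


if __name__ == "__main__":
    for name, tok in (("ok", SAMPLE_OK), ("excess", SAMPLE_EXCESS)):
        print(name, json.dumps(audit(tok), indent=2))
```

Run it against a real token by pasting the token into `audit()`; an empty `missing` and `excess` means the consent matches the documented minimum, and `write` lists the scopes worth a second look.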

Limitations of Data Access

It is important to understand that the Azure OAuth-based integration does not expose your entire directory. It grants access only to the data covered by the limited permissions listed above. The data accessed is the same as what your company would otherwise provide in CSV format; the difference is that the integration synchronizes it automatically, without anyone having to prepare and upload a file, so the user data in Right-Hand stays current.

Secure Data Transmission

We prioritize the secure transmission of data between Azure AD and the Right-Hand platform. All data transfers are encrypted with Transport Layer Security (TLS), the industry-standard protocol for this purpose, which protects the data in transit from eavesdropping and tampering by unauthorized parties.

Data Retention and Deletion

Compliance with stringent data retention policies is a fundamental aspect of our platform. We ensure that only necessary user data is stored within our platform. Once the data is no longer required, it is securely and promptly deleted. We strictly adhere to the agreed-upon retention period, mitigating risks associated with prolonged exposure.

Transparency and Accountability

We strongly believe in maintaining transparency and fostering open communication with our valued customers. Our dedicated team is readily available to address any questions or concerns you may have regarding data privacy and security. We provide regular updates on our security practices, system enhancements, and any changes that may affect the Azure AD integration with Right-Hand.
