What is a one sentence summary of your feature request?
SMAL SSO supporting users that are Cloud only (EntraID) accounts
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Currently, Netwrix Access Analyzer (NAA) and the associated Access Information Center (AIC) only support SAML Single Sign-On (SSO) for administrator accounts that are synchronized with on-premises Active Directory (AD). In order to leverage SAML SSO, organizations must synchronize their on-premise AD environment with Microsoft Entra ID (previously Azure AD). This means organizations that rely solely on cloud identities or have different directory setups (such as cloud-native or multi-cloud environments) cannot take advantage of SAML SSO for administration unless they invest in, configure, and maintain this synchronization.
We propose extending SAML SSO support within NAA and AIC beyond only administrator accounts synced with on-premise AD. Specifically, the capability should include support for:
Cloud-only Azure AD/Entra ID accounts (not just synced users),
Accounts managed in other supported directory services,
Flexible IdP integration even where on-prem AD sync is not feasible.
The Problem
The current requirement for on-premise AD synchronization imposes several challenges:
Complexity and Overhead: Not all organizations maintain legacy on-prem AD infrastructure. Forcing the deployment and upkeep of AD Connect solely for SAML SSO adds avoidable complexity, cost, and management overhead.
Modernization Limitations: Many organizations are migrating to cloud-native architectures and moving away from on-premise directory services. This restriction prevents fully cloud-first organizations from utilizing SAML SSO for secure access to NAA/AIC.
Security Concerns: Some organizations purposely avoid on-premise/cross-cloud synchronization for security, regulatory, or operational reasons.
Reduced Accessibility: Non-admin users, or admin users outside the on-prem-sync group, may not benefit from secure, federated SSO, leading to inconsistent authentication experiences and potentially riskier standalone credentials.
How do you currently solve the challenges you have by not having this feature?
Currently the admins must log in with accounts that are in Both AD and EntraID