Warning

Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.

Identity & Access Management (IAM)

All identity at Patria Investments is managed through Microsoft Entra ID (formerly Azure Active Directory). This page describes how access is granted, reviewed, and revoked.


Identity provider

| Component | Details |
| --- | --- |
| Provider | Microsoft Entra ID (Azure AD) |
| Authentication | SSO with MFA enforced for all user accounts |
| Directory groups | Used to control access to systems, replacing individual role assignments |
| Service accounts | Managed identities preferred; credentials for static service principals are stored in Key Vault, never in code or config |

Access lifecycle

flowchart LR
    Request[Access Request\nServiceNow] --> Approve[Owner Approval]
    Approve --> Provision[Provisioned via\nEntra ID group]
    Provision --> Review[Periodic Review\n90 days]
    Review --> Revoke[Revoked if\nno longer needed]

Requesting access

  1. Open a ticket in ServiceNow — category Access Management
  2. Specify the system, role or Entra ID group, and business justification
  3. Approval required from the resource owner
  4. The Infra / Security team provisions access within 1 business day

Access review

  • All non-standard access is reviewed every 90 days
  • Managers confirm whether each user still requires the access
  • Access that is not confirmed as still required by the review deadline is revoked automatically

Access revocation

  • Initiated automatically on offboarding (HR triggers ServiceNow workflow)
  • Emergency revocation: contact the Security team directly — see Contacts

Groups & roles

| Group | Purpose | Systems |
| --- | --- | --- |
| g_tech_docs | Access to the Tech Docs portal | patria-tech-docs |
| g_infra_admins | Administrative access to cloud subscriptions | Azure, GCP |
| g_data_engineers | Data engineering access (BigQuery, Airflow) | GCP, BigQuery |
| g_app_developers | Standard developer access | GitHub, Azure dev |

MFA policy

  • MFA is mandatory for every user account, with no exceptions (workload identities are covered under Service accounts above)
  • Supported factors: Microsoft Authenticator app (preferred), FIDO2 hardware key
  • SMS/voice OTP is not permitted as a standalone factor; it may only exist as a backup alongside one of the supported factors

Privileged access

  • Privileged roles (Global Administrator, Subscription Owner) are held as eligible assignments in Entra ID PIM and activated Just-in-Time (JIT) for a bounded window
  • All privileged sessions are logged and auditable
  • Standing privileged access (a permanent active assignment of a privileged role) is not permitted
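The MFA factor rules and the no-standing-privilege rule above are the two checks most worth automating before each review cycle. The script below is an added example, not Patria tooling: it runs both checks over a constructed export. The record fields (`methods`, `state`, `endDateTime`) loosely follow what Microsoft Graph returns for user registration details and PIM role assignments, but the field names and factor identifiers here are assumptions, and the accounts are invented.

```python
"""Audit a constructed identity export against this page's MFA and
privileged-access rules.  Added example; field names, factor identifiers
and all accounts are assumptions, not Patria data."""
from __future__ import annotations

# Factors that satisfy the MFA policy on their own.
STRONG_FACTORS = {"microsoftAuthenticatorPush", "fido2SecurityKey"}
# Telephony factors: tolerated only next to a strong factor, never standalone.
TELEPHONY_FACTORS = {"mobilePhone", "alternateMobilePhone", "officePhone"}
# Roles the page treats as privileged (Global Admin, Subscription Owner).
PRIVILEGED_ROLES = {"Global Administrator", "Owner"}

# Constructed sample export (not real accounts).
USERS = [
    {"upn": "alice@example.com",
     "methods": ["password", "microsoftAuthenticatorPush", "mobilePhone"]},
    {"upn": "bob@example.com", "methods": ["password", "mobilePhone"]},
    {"upn": "carol@example.com", "methods": ["password"]},
    {"upn": "dave@example.com", "methods": ["password", "fido2SecurityKey"]},
]
ROLE_ASSIGNMENTS = [
    # Eligible in PIM, activated on demand: compliant.
    {"upn": "alice@example.com", "role": "Global Administrator",
     "state": "Eligible", "endDateTime": None},
    # Permanent active Owner assignment: standing privileged access.
    {"upn": "bob@example.com", "role": "Owner",
     "state": "Active", "endDateTime": None},
    # Active but time-bound: a JIT activation, compliant.
    {"upn": "dave@example.com", "role": "Global Administrator",
     "state": "Active", "endDateTime": "2024-06-01T10:00:00Z"},
    # Non-privileged role: out of scope for this check.
    {"upn": "carol@example.com", "role": "Reader",
     "state": "Active", "endDateTime": None},
]


def mfa_findings(user: dict) -> list[str]:
    """Return policy violations for one user's registered factors."""
    methods = set(user["methods"])
    if methods & STRONG_FACTORS:
        return []  # Authenticator or FIDO2 present; SMS as backup is fine
    if methods & TELEPHONY_FACTORS:
        return ["MFA relies on SMS/voice only; register Authenticator or a FIDO2 key"]
    return ["no MFA method registered"]


def privileged_findings(assignment: dict) -> list[str]:
    """Flag permanent active assignments of privileged roles."""
    if assignment["role"] not in PRIVILEGED_ROLES:
        return []
    if assignment["state"] == "Eligible":
        return []  # PIM-eligible: JIT activation required, compliant
    if assignment["endDateTime"] is None:
        return [f"standing {assignment['role']} assignment; convert to PIM-eligible"]
    return []  # active with an end time = a JIT activation in progress


def audit(users: list[dict], assignments: list[dict]) -> dict[str, list[str]]:
    """Map each non-compliant UPN to its list of findings."""
    findings: dict[str, list[str]] = {}
    for user in users:
        for item in mfa_findings(user):
            findings.setdefault(user["upn"], []).append(item)
    for assignment in assignments:
        for item in privileged_findings(assignment):
            findings.setdefault(assignment["upn"], []).append(item)
    return findings


if __name__ == "__main__":
    for upn, items in sorted(audit(USERS, ROLE_ASSIGNMENTS).items()):
        for item in items:
            print(f"{upn}: {item}")
```

Run against a real export, the `Active` / `endDateTime` distinction is what separates a JIT activation (which legitimately shows as active for its window) from the standing assignments the policy forbids, so do not flag on `Active` alone.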
