
Methods for Integrating Azure Active Directory with on-Premise Active Directory

Azure AD integration

In this article, we will learn the methods for integrating Azure Active Directory with on-premise Active Directory. Azure Active Directory (Azure AD) is a multi-tenant, cloud-based identity and access management service that offers single sign-on (SSO) and multi-factor authentication (MFA). See the following articles for Azure AD Pass-Through Authentication with on-premise AD, reasons to deploy Azure AD, and how to set up an Azure AD tenant. Also, see the following article on how to add a custom domain in Azure Active Directory.

Updated: Azure AD is being renamed to Microsoft Entra ID. The service will continue to function as it does today, and all existing deployments, configurations, and integrations will continue to work unchanged. The display names of service plans will change on October 1, 2023. Azure AD Premium P1 and P2 offers are becoming Microsoft Entra ID P1 and P2, also included in Microsoft 365 E3 and E5.

With Azure AD, you can protect your users from 99.9% of all cyberattacks. Below are the three methods for integrating Windows Active Directory (AD) with Azure Active Directory (Azure AD).

Methods for Integrating Azure Active Directory with on-premise AD
- Password hash synchronization (PHS)
- Pass-through authentication (PTA)
- Federation (AD FS)

I will implement and test the integration with AD FS SSO and Pass-Through Authentication.

  • Federation with single sign-on (SSO) via AD FS: This option provides SSO capabilities plus an MFA option, and does not store the password hash in the cloud.
  • Pass-Through Authentication: This option also provides SSO capabilities, but does not have the option to use MFA, and does not store the password hash in the cloud.

The Microsoft Hybrid Identity with Azure AD

Microsoft’s identity solutions extend both on-premises and cloud-based capabilities. These solutions create a common user identity for authentication and authorization to all resources, regardless of location. This is referred to as a hybrid identity.

Note: Azure AD Connect replaces the legacy Directory Synchronization (DirSync) and Azure AD Sync tools. Azure AD Connect synchronizes your on-premises Active Directory to Azure Active Directory.

This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD. See the video on how to set up Azure AD Connect and synchronize your on-premises AD to AAD.

See how federating AD FS with Azure Active Directory works in theory. Lastly, we also have Azure AD Password Hash Synchronisation. This is really not recommended, as the credentials are saved in the cloud. Here is how the authentication happens in the cloud.

I hope you found this blog post on the Methods for Integrating Azure Active Directory with on-Premise Active Directory helpful. If you have any questions, please let me know in the comment section.
