Azure Active Directory (Azure AD) is a multi-tenant, cloud-based identity and access management service. Azure Active Directory (Azure AD) offers single sign-on (SSO) and multi-factor authentication. With Azure AD, you can protect your users from 99.9% of all cyberattacks. Below are the three steps in integrating Windows Active Directory (AD) with Azure Active Directory (AD). See the following articles for Azure AD Pass-Through Authentication with on-Premise AD, reasons to deploy AAD, and how to set up an Azure AD Tenant. Also, see the following article on how to add a custom domain in the Azure Active directory.
Methods for Integrating Azure Active Directory on on-premise AD - Password hash synchronization (PHS) - Pass-through authentication (PTA) and - Federation (AD FS)
I will be implementing and testing the integration with ADFS SS0 and Pass-Through Authentication.
– Federation with single sign-on (SSO) ADFS: This option provides SSO capabilities + MFA option and does not store the password hash in the cloud.
– Pass-Through Authentication: This option provides SSO abilities as well but does not have the option to use the MFA and does not store password hash in the cloud.
The Microsoft Hybrid Identity with Azure AD: Microsoft’s identity solutions extend both on-premises and cloud-based capabilities. These solutions create a common user identity for authentication and authorization to all resources, regardless of location. This is referred to as a hybrid identity.
Note: The Azure AD Connect replaces legacy Directory synchronization (DirSync) or Azure AD Sync. Azure AD Connect synchronize your on-premises Active Directory to Azure Active Directory. This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD. See the video on how to set up Azure AD Connect and synchronize your on-premises AD to AAD.
See how Federating with ADFS with Azure Active Directory works in theory
Lastly, we also have the Azure AD Password Hash Synchronisation. This is really not recommended as the credentials are saved in the cloud. Here is authentication happens in the cloud.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.