Below are the three options for integrating Windows Active Directory (AD) with Azure Active Directory (Azure AD):
- Password hash synchronization (PHS)
- Pass-through authentication (PTA) and
- Federation (AD FS)
I will be implementing and testing the integration with AD FS SSO and Pass-Through Authentication.
- Federation with single sign-on (SSO) via AD FS: This option provides SSO capabilities plus an MFA option, and does not store the password hash in the cloud.
- Pass-Through Authentication: This option also provides SSO capabilities and does not store the password hash in the cloud, but it does not have the option to use MFA.
Microsoft Hybrid Identity with Azure AD: Microsoft's identity solutions span both on-premises and cloud-based capabilities. They create a common user identity for authentication and authorization to all resources, regardless of where those resources are located. This is referred to as a hybrid identity.
Note: Azure AD Connect replaces the legacy Directory Synchronization (DirSync) and Azure AD Sync tools. Azure AD Connect synchronizes your on-premises Active Directory to Azure Active Directory, which lets you provide a common identity for your users across Office 365, Azure, and SaaS applications integrated with Azure AD. See the video below on how to set up Azure AD Connect and synchronize your on-premises AD to Azure AD: https://channel9.msdn.com/Shows/OEMTV/OEM1710.
See how federating AD FS with Azure Active Directory works in theory: https://techdirectarchive.com/2020/02/02/federating-with-adfs-with-azure-active-directory/
Lastly, there is also Azure AD Password Hash Synchronisation. This is really not recommended, as the password hashes are stored in the cloud; with this option, authentication happens in the cloud.
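To check which of the three options a tenant is actually using (and whether password hashes are being synchronized to the cloud), here is an added PowerShell check that is not part of the original post. It assumes the MSOnline module is installed and `Connect-MsolService` has already been run, and the PTA check assumes the script runs on the Azure AD Connect server, where the authentication agent is installed as the `AzureADConnectAuthenticationAgent` service.

```powershell
# Added example: classify a tenant's AD -> Azure AD integration option.
# Assumptions: MSOnline module installed and Connect-MsolService already run;
# the PTA check only works when run on the Azure AD Connect server itself.

function Get-HybridIdentityModel {
    $company = Get-MsolCompanyInformation
    $domains = Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }

    # Federated domains hand sign-in to AD FS; Managed domains authenticate
    # in the cloud (PHS) or through the on-premises PTA agent.
    $federated = $domains | Where-Object { $_.Authentication -eq 'Federated' }
    $managed   = $domains | Where-Object { $_.Authentication -eq 'Managed' }

    # PTA agent service on the Connect server (assumption: script runs there).
    $ptaAgent = Get-Service -Name 'AzureADConnectAuthenticationAgent' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DirectorySyncEnabled = $company.DirectorySynchronizationEnabled
        LastDirSync          = $company.LastDirSyncTime
        PasswordHashSync     = $company.PasswordSynchronizationEnabled   # true = hashes stored in the cloud
        LastPasswordHashSync = $company.LastPasswordSyncTime
        FederatedDomains     = ($federated | Select-Object -ExpandProperty Name) -join ', '
        ManagedDomains       = ($managed   | Select-Object -ExpandProperty Name) -join ', '
        PtaAgentRunning      = ($null -ne $ptaAgent -and $ptaAgent.Status -eq 'Running')
    }
}

$model = Get-HybridIdentityModel
$model | Format-List

# Flag the case the post warns about: AD FS or PTA is the intended sign-in
# path, yet PHS is still enabled, so password hashes are stored in the cloud.
if ($model.PasswordHashSync -and ($model.FederatedDomains -or $model.PtaAgentRunning)) {
    Write-Warning 'Password hash sync is enabled alongside AD FS/PTA: password hashes are stored in the cloud.'
}
```

Run it after changing the integration option to confirm the domains' Authentication type and the PasswordHashSync flag match what you intended to deploy.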