HR-Driven Provisioning for Hybrid AD – Video Implementation Guide

Learn how to build an HR-driven provisioning solution for your AD & Azure AD with our video implementation guide, and get your solution up & running for a typical scenario. Step-by-step you'll learn how to build a system that automates the joiner/mover/leaver lifecycle. There's no better end-to-end explanation and demonstration anywhere!

Hugh Simpson-Wells, Oxford Computer Training's CEO and Founder

12-month organizational subscription (up to 3 users), including 17 videos

All courses £349 / $499 / €429

plus VAT if applicable

HR-driven provisioning made easy – learn how to build a hybrid solution for your Active Directory and Azure Active Directory with our video implementation guide

What’s the problem?

Many organizations have invested in Office 365 alongside their existing Active Directory estate, or are planning to do so. An integrated, automated HR-driven approach has clear advantages, but the apparent cost and complexity of implementing MIM (the Microsoft tool of choice for connecting legacy HR systems) can be off-putting.

What’s the solution?

This “Enabling the Cloud through Hybrid Identity” video implementation guide is based on the experience of hundreds of implementations. We focus on a common scenario in which there is a single source of truth (such as an HR system, or student enrolment system), a single Active Directory Forest, and a single Azure AD Tenant, and have produced a simple, step-by-step implementation guide.

Will it work for us?

This video implementation guide covers a common scenario in which there is a single source of truth (such as an HR system, or student enrolment system), a single Active Directory Forest, and a single Azure AD Tenant. While the content will be relevant for more complex scenarios, it may not be sufficient in all cases.

What if our scenario is more complex?

In the videos we have assumed that an HR system is able to present a SQL Server table or view. You may have a system that is based on a different database, presents an API, or can only work with a transfer file.

If your scenario is basically of a similar complexity to the one we use in the videos, but has different connectivity requirements, we will – at our discretion – provide free support and advice on how to handle it as part of the subscription.

If your scenario is significantly more complex, we would suggest a consultative approach, for example as part of one of our TrainingPlus packages. We are happy to discuss your requirements in advance, or at any stage.

What’s included in the video implementation guide?

A 12-month subscription (which costs just £349 / $499 / €429) offers:

  • 8½ hours of course content in 17 videos
  • Step-by-step “how to” instructions, explanations and demonstrations
  • Working code examples (in Visual Basic and C#)
  • 24/7 access for up to 3 users within an organization
  • At our discretion, one-to-one advice and assistance with your particular scenario

How will an HR-driven identity management system benefit your organization?

An HR-driven identity management system for hybrid AD has many benefits:

  • AD and Azure AD identity information consistent with your source of truth (e.g. HR system), for example:
    • Authentication and authorization decisions are based on reliable data
    • Users provisioned, enabled/disabled, deprovisioned automatically
    • Licensing and security decisions based on accurate group memberships
  • More administrative control with less effort:
    • Reduced duplication of identity data entry
    • Effective enforcement of rules and policies in AD and Azure AD
    • Automated handling of the joiner/mover/leaver process
    • Fewer orphaned accounts and rogue permissions
  • Improved Office 365 user experience:
    • Same sign-on (same UPN and password) or true single sign-on
    • Seamless access from different devices within the corporate network or in the cloud

In this video, the first of 17, our CEO, Hugh Simpson-Wells, explains more about the implementation guide and what you can expect from it:

In this video, a recording of a webinar, Hugh Simpson-Wells demonstrates how this Video Implementation Guide can help you build an automated joiner/mover/leaver lifecycle solution step-by-step.

This “Enabling the Cloud through Hybrid Identity” video implementation guide covers:

  • Automating provisioning of users, groups and devices into Azure AD based on AD
  • Selecting the appropriate version and options for Azure AD Connect, including authentication options such as SSO, password synchronization, and write-back to support Azure AD SSPR
  • Importing authoritative HR data into Microsoft Identity Manager (MIM)
  • Creating rules extensions – implementing MIM involves writing some code so, to make things easier, we provide templates and examples for typical requirements such as:
    • Generating unique attributes such as account names and other important attributes for managing accounts in AD
    • Using MIM to provision users into AD based on the imported HR data
  • Operating MIM and Azure AD, including some coverage of high availability and disaster recovery

17 short and accessible videos – view it, then do it!

  1. Introduction to the course (19 minutes)
  2. AD, Azure AD, and Hybrid AD (39 minutes)
  3. Preparing to install Azure AD Connect (10 minutes)
  4. Installing Azure AD Connect CloudSync (28 minutes)
  5. Testing the Azure AD Connect CloudSync implementation (10 minutes)
  6. About Microsoft Identity Manager (45 minutes)
  7. Installing MIM Sync (12 minutes)
  8. Creating the first (HR) MA (36 minutes)
  9. Creating our second (AD) MA and joining existing accounts (71 minutes)
  10. MIM extensions explained (25 minutes)
  11. A rules extension to enable/disable AD users (37 minutes)
  12. A rules extension to create unique names (28 minutes)
  13. A provisioning rules extension (48 minutes)
  14. Deprovisioning (31 minutes)
  15. Installing Azure AD Connect Classic (29 minutes)
  16. Azure AD Connect Classic options (43 minutes)
  17. Operating MIM and Azure AD Connect Classic (36 minutes)

Our aim is to enable a small team, or possibly an individual, to implement Microsoft Identity Manager and Azure AD Connect to support Office 365 in a scenario involving a single source of truth (such as an HR system, or student enrolment system), a single Active Directory Forest, and a single Azure AD Tenant.

The team is likely to be led by an IT administrator, supported by others with knowledge of (for example) the identity requirements of the organization, and experience developing code (using Visual Basic and Visual C#) – again, that knowledge could reside in one person. Not everyone in the IT team will necessarily need to view all the videos.

We assume a sound knowledge of Active Directory (single forest), and basic knowledge of Azure AD, an appreciation of what a SQL database looks like, and an awareness of different authentication mechanisms – plus general IT knowledge.

A choice of training journeys…

You can watch the videos in whatever order you like and as many times as you like, but we have also designed three training journeys to meet different needs. We recommend that everyone views videos 1, 2 and 3, after which it should become obvious where to go next.

  • Journey 1 takes you through all the videos sequentially.
  • Journey 2 is for those who realize that they will need the features that are only provided by Azure AD Connect “Classic” (missing out Azure AD Connect CloudSync).
  • Journey 3 is for those who realize that the simpler Azure AD Connect CloudSync is good enough for their purposes.

Additionally, whoever will write the code need only focus on videos 10 to 14.

 
