On-premises SSO for Azure AD guests – a free video
Learn about a cloud-based solution that integrates legacy on-premises applications, providing simple yet secure access for Azure AD B2B guests (partners, joint ventures, regional offices, acquisitions, etc.).
As an identity and access architect, I work with a range of enterprise customers with identity management requirements, including the integration of systems to provide single sign-on (SSO), and central authorization management and audit capability. Typically these organizations have a user base of anything from 2,000 to 200,000, and a wide range of applications underpinned on the one hand by Active Directory for on-premises applications, and on the other hand by Azure Active Directory for cloud applications such as Microsoft 365.
Two factors make this activity particularly complex:
- While many applications (whether cloud or on-premises) provide access based on modern protocols such as OAuth2 and OpenID Connect, there remain many applications which are still integrated with Active Directory, and are therefore only able to use Kerberos as their authentication protocol.
- The enterprises have a large core business unit, which allows them to maintain their users in a single Active Directory forest and a single Azure AD tenant, but also have regional companies, joint ventures and partner organizations who have their own AD/AAD infrastructures.
Providing access to the Kerberos applications for the users from these other organizations is not a new requirement, and a variety of approaches have been around for a while (using VPN and VDI, for example) – but these are resource-heavy, and typically provide a low-quality user experience. We now have the tools and capability to create solutions that not only have an improved user experience, but require less infrastructure.
It is this cloud-based approach to on-premises SSO for Azure AD guests which I talk about in my new 52-minute video, which is available to watch free on demand.
The video is divided into two halves.
- The first half covers requirements, some legacy approaches (with their pros and cons), and introduces a cloud-based approach involving the automated discovery and synchronization of trusted guest users from other organizations.
- The second half dives deep into the technical details of implementation.
I hope you find it useful!
Want to learn more?
To find out more about any of the features, methods and technologies in this video, please contact us by email at learning@oxfordcomputertraining.com, or by phone on +1 425-577-6542 (US) or +44 (0)1865 521200 (UK).
Are you interested in MIM and Azure AD training? Are you looking for ad hoc help with identity projects?
We offer a range of MIM and Azure AD training courses. And our TrainingPlus packages give you access to our identity expertise at discounted rates as and when you need it – everything from training courses and mentoring to help with implementation.