Learn about a cloud-based solution that integrates legacy on-premises applications, providing simple yet secure access for Microsoft Entra B2B guests (partners, joint ventures, regional offices, acquisitions, etc.).
As an identity and access architect, I work with a range of enterprise customers with identity management requirements, including the integration of systems to provide single sign-on (SSO), and central authorization management and audit capability. Typically these organizations have a user base of anything from 2,000 to 200,000, and a wide range of applications underpinned on the one hand by Active Directory for on-premises applications, and on the other hand by Microsoft Entra ID for cloud applications such as Microsoft 365.
Two factors make this activity particularly complex:
- While many applications (whether cloud or on-premises) provide access based on modern protocols such as OAuth2 and OpenID Connect, many others are still integrated with Active Directory and are therefore only able to use Kerberos as their authentication protocol.
- The enterprises have a large core business unit, which allows them to maintain their users in a single Active Directory forest and a single Microsoft Entra ID tenant, but they also have regional companies, joint ventures, and partner organizations with their own AD/Microsoft Entra ID infrastructures.
Providing access to the Kerberos applications for the users from these other organizations is not a new requirement, and a variety of approaches have been around for a while (using VPN and VDI, for example) – but these are resource-heavy, and typically provide a low-quality user experience. We now have the tools and capability to create solutions that not only have an improved user experience but require less infrastructure.
It is this cloud-based approach to on-premises SSO for Microsoft Entra ID (Azure AD) guests that I talk about in this video.
The video is divided into two halves.
- The first half covers requirements and some legacy approaches (with their pros and cons), and introduces a cloud-based approach involving the automated discovery and synchronization of trusted guest users from other organizations.
- The second half dives deep into the technical details of implementation.
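As an added illustration of the "automated discovery" step mentioned above (this is example code written for this page, not the implementation shown in the video), the following PowerShell enumerates the Microsoft Entra B2B guest users in the tenant with the Microsoft Graph PowerShell SDK, keeps only those whose home domain belongs to a partner organization you have explicitly decided to trust, and derives the attributes a provisioning tool would need to maintain a matching on-premises account. The allow-list of domains, the `b2b-` naming convention and the choice to use the guest's mail address as the on-premises UPN are assumptions made for the example.

```powershell
# Added example: discover trusted Microsoft Entra B2B guests and compute the
# attributes for an on-premises shadow account. Not code from the original post.
# Requires the Microsoft.Graph.Authentication and Microsoft.Graph.Users modules.
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

# Constructed allow-list of partner / joint-venture domains (assumption for illustration).
# Anything not on this list is ignored, so a stray invitation never yields an AD account.
$TrustedDomains = @('partner.example', 'jointventure.example')

# Guest UPNs take the form first.last_partner.example#EXT#@tenant.onmicrosoft.com;
# the Mail attribute keeps the original address, so the home domain is derived from it.
$guests = Get-MgUser -Filter "userType eq 'Guest'" -All `
    -Property Id, DisplayName, UserPrincipalName, Mail, ExternalUserState, AccountEnabled

$trustedGuests = foreach ($g in $guests) {
    if (-not $g.Mail) { continue }                          # cannot classify without a mail address
    $homeDomain = ($g.Mail -split '@')[-1].ToLowerInvariant()
    if ($TrustedDomains -notcontains $homeDomain) { continue }
    if ($g.ExternalUserState -ne 'Accepted') { continue }   # invitation not yet redeemed
    if (-not $g.AccountEnabled) { continue }                # disabled in Entra: do not provision

    # Proposed on-premises account (naming convention is an assumption):
    # sAMAccountName is capped at 20 characters; the UPN reuses the guest's home
    # address so the on-premises identity can be correlated back to the Entra object.
    $local = ($g.Mail -split '@')[0] -replace '[^a-zA-Z0-9._-]', ''
    $sam   = 'b2b-' + $local
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }

    [pscustomobject]@{
        EntraObjectId    = $g.Id
        DisplayName      = $g.DisplayName
        HomeDomain       = $homeDomain
        ShadowSamAccount = $sam
        ShadowUpn        = $g.Mail
    }
}

$trustedGuests | Format-Table -AutoSize
# The resulting list is the input to the synchronization step (for example via MIM):
# create or update the shadow accounts, and disable those whose guest no longer qualifies.
```

The filtering order matters: the domain allow-list is checked before anything else, so the script never proposes an account for a guest from an unknown organization, and guests who have not redeemed their invitation or who are disabled in Entra are excluded so that the on-premises directory cannot end up with more enabled identities than the cloud tenant.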
I hope you find it useful!
Note: Since this video was recorded, Microsoft has rebranded Azure AD to Microsoft Entra ID.
Want to learn more?
To find out more about any of the features, methods, and technologies in this video, please contact us by email at email@example.com, or by phone on +1 425-577-6542 (US) or +44 (0)1865 521200 (UK).
Are you interested in MIM and Microsoft Entra ID training? Are you looking for ad hoc help with identity projects?
We offer a range of MIM and Microsoft Entra training courses. Our TrainingPlus packages give you access to our identity expertise at discounted rates as and when you need it – everything from training courses and mentoring to help with implementation.