I engage in numerous conversations with customers on a daily basis, a significant majority of whom currently possess a hybrid infrastructure. While that is great, hybrid approaches also introduce the need to rethink traditional Identity and Access Management (IAM) solutions. Multiple, dispersed IAM solutions, while they work don’t deliver a great end user experience as users have to remember multiple logon credentials and ultimately remember which ones should be used when accessing cloud-based applications as appose to private applications hosted within the business.
In recent times, a growing number of organizations have been actively exploring alternatives to the conventional usage of Active Directory (AD). It is noteworthy that Microsoft Entra ID (formerly known as Azure Active Directory or AAD as of August 2023) has garnered an impressive user base, surpassing 722 million individuals [Techjury – Azure Statistics]. This shift in focus can be attributed to organizations aiming to streamline their Identity and Access Management (IAM) solutions for the future.
Entra ID (Cloud Approach)
Formerly Azure Active Directory (AAD), Entra ID is Microsoft’s answer to a cloud-based IAM solution. Organisations with a cloud-only footprint can add their domain/s to their Azure tenant and once verified, create user accounts, groups etc that can be used to access applications that are federated with Entra ID.
Upon creating an Azure tenant, you will be required to enter a sub-domain that will be appended with ‘.onmicrosoft.com’. This particular domain is also referred to as a fallback domain and will be the default domain for the Azure tenant.
Active Directory (AD) Synchronised with Entra ID (Hybrid Approach)
For organisations with an AD presence, they can still leverage Entra ID to simplify their user access experience to cloud-based and on-premises applications. Microsoft currently have two methods that allow organisations move towards an hybrid IAM model; this can be achieved by using the following methods:
- Entra ID Connect Sync
- Entra ID Connect Cloud Sync
This article won’t explain the differences between the two but you can find out more details about both approaches here. However, to summarise, each method will give organisations the ability to synchronise their AD domain with Entra ID and if the internal domain being used is that of the public domain, then it might be easier to federate the domain with Entra ID so that all user accounts are synchronised into Entra ID. Private internal domains can still be synchronised to Entra ID however, each username will be appended with the .onmicrosoft domain.