Sunday, May 17, 2015

Azure AD Integration

What's great for enterprise single sign-on, though, is the Directory Integration tab:
If you enable directory integration and download a tool, you can sync this cloud directory with your existing on-premises Active Directory that you're already using inside your organization. Then, all of the users stored in your directory will show up in this cloud directory. Your cloud apps can now authenticate all of your employees using their existing Active Directory credentials. And all this is free -- both the sync tool and Azure AD itself.
The tool is a wizard that is easy to use, as you can see from the following screen shots. These are not complete instructions, just an example showing you the basic process. For more detailed how-to-do-it information, see the links in the Resources section at the end of the chapter.
First you see the Welcome page.
Click Next, and then enter your Azure Active Directory credentials.
Click Next, and then enter your on-premises AD credentials.
Click Next, and then indicate whether you want to store a hash of your AD passwords in the cloud.
The password hash that you can store in the cloud is a one-way hash; actual passwords are never stored in Azure AD. If you decide against storing hashes in the cloud, you'll have to use Active Directory Federation Services (ADFS). There are also other factors to consider when choosing whether to use ADFS. The ADFS option requires a few additional configuration steps.
If you choose to store hashes in the cloud, you're done, and the tool starts synchronizing directories when you click Next.
And in a few minutes you're done.
You only have to run this wizard on one domain controller in the organization; the server must be running Windows Server 2003 or higher. And no need to reboot. When you're done, all of your users are set up in the cloud, and you can do single sign-on from any web or mobile application, using SAML, OAuth, or WS-Fed.
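A quick post-sync check, added here as an example and not part of the original post or of the sync tool: it compares the users in on-premises AD with the synced objects in Azure AD and lists anything that did not arrive or looks stale. It assumes the ActiveDirectory and MSOnline PowerShell modules are installed, that the tool used objectGUID as the source anchor (so ImmutableId is the base64 form of the GUID), and a 3-hour sync interval; adjust those for your deployment.

```powershell
# Added example (not from the original post): verify that on-premises AD users
# actually appear in the synced Azure AD directory.
# Assumptions: ActiveDirectory + MSOnline modules available; ImmutableId is the
# base64-encoded objectGUID (default source anchor); sync runs every 3 hours.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService   # prompts for the Azure AD (cloud) credentials

# On-premises side: lookup keyed on the base64 objectGUID (the sync anchor)
$onPrem = @{}
Get-ADUser -Filter * -Properties UserPrincipalName | ForEach-Object {
    $anchor = [Convert]::ToBase64String($_.ObjectGUID.ToByteArray())
    $onPrem[$anchor] = $_.UserPrincipalName
}

# Cloud side: only directory-synced objects carry an ImmutableId
$cloud = Get-MsolUser -All | Where-Object { $_.ImmutableId }
$cloudByAnchor = @{}
foreach ($u in $cloud) { $cloudByAnchor[$u.ImmutableId] = $u }

# Users present on-premises but not (yet) in Azure AD
$missing = $onPrem.Keys | Where-Object { -not $cloudByAnchor.ContainsKey($_) }

# Synced users whose last sync is older than the assumed interval: the
# scheduler may be stalled, so cloud attributes (and hashes) could be stale
$stale = $cloud | Where-Object { $_.LastDirSyncTime -lt (Get-Date).AddHours(-3) }

"On-prem users: $($onPrem.Count)  Synced cloud users: $($cloud.Count)"
"Not yet in Azure AD:"
$missing | ForEach-Object { "  " + $onPrem[$_] }
"Last synced more than 3 hours ago:"
$stale | ForEach-Object { "  $($_.UserPrincipalName)  $($_.LastDirSyncTime)" }
```

Users in OUs the sync tool was configured to exclude will show up as "not yet in Azure AD"; that is expected rather than a sync failure.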
