SSO versus Azure Active Directory Sync

  • Question

  • I'm kinda new to Windows Server, but have been checking out Microsoft Azure and like the IaaS.

    Just a question about SSO versus Azure Active Directory Sync.

    I'm moving my infrastructure into Azure; my base is an AD server, a "dirsync" or AD FS server, and a few web servers etc. We use Google Apps for Email, Calendar and Drive.

    So I see that there are two ways to keep my AD directory and Azure directory in sync. SSO and Azure Active Directory Sync.

    If I use Azure Active Directory Sync and do not set up AD FS on a server with SSO, will I still be able to use SSO with my Azure Directory to the apps that Microsoft has in the Azure portal?

    The only reason I would need an AD FS server is if I had Apps/Services on site that I wanted to use SSO with, correct?

    Monday, June 23, 2014 10:08 PM

Answers

  • The basic relationship is something like this:

         AD (Local) ---DirSync---> AAD ---> 3rd Party Apps
         AD (Local) ---  ADFS ---> AAD ---> 3rd Party Apps

    DirSync synchronizes user information from the local AD and populates user data in Azure AD (it may also sync passwords too).

    ADFS is used to let users log into Azure AD using Windows Authentication against the local AD. Meaning, if you have ADFS then users on machines that are members of the same domain as ADFS don't have to log in to AAD, as it's handled behind the scenes by ADFS.

    If ADFS is not present then you can still use the right half of that relationship, but you have to manually log into Azure AD using whatever credentials have been specified.


    Developer Security MVP | www.syfuhs.net

    Tuesday, June 24, 2014 7:36 PM