How to Extend AD to the Cloud—the Easy Way

May 31st, 2016 / product and technology, security and compliance, smarter identity

Integrating Active Directory with the cloud is a necessary “evil”: organizations need cloud apps and a flexible workforce (e.g. work-from-anywhere, bring-your-own-device, etc.) while maintaining security and integrity, and they need changes to take effect now, in real time.

Usually “extending AD to the cloud” and “easy” aren’t words that belong in the same sentence.

The complicated, expensive ways to extend AD to the cloud include building custom integrations on an app-by-app basis or federating AD to Azure AD.

Custom Integrations

Some IT departments write custom code that reads the attributes stored in AD and uses them to provision users into applications.

Although this approach keeps AD as the central directory and minimizes manual provisioning, those benefits do not outweigh the disadvantages of building custom integrations.

Disadvantages

  • Costly
  • Slow
  • Not scalable
    • Apps are constantly changing.
    • Apps do not support the same types of integration.

Azure AD

The default choice for others is Microsoft’s Azure Active Directory. Designed for managing identities and applications in the cloud, Azure AD by itself is an easy way to extend AD to the cloud. The premium version offers features such as group-based access control, multi-factor authentication (MFA), and advanced reporting.

However, Azure AD has a complicated, expensive prerequisite—establishing and maintaining a highly available Active Directory Federation Services (AD FS) infrastructure.

Disadvantages

  • Does not support LDAP
  • Complex and costly infrastructure
    • Load balancing multiple sets of servers
    • Custom deployment required for synchronizing multiple forests

So, how can you extend AD to the cloud the easy way?

IDaaS

Third-party solution providers offer a fast, easy, and sustainable way to extend AD to the cloud.

For example, OneLogin can integrate your AD to the cloud in minutes through our Active Directory Connector (ADC). OneLogin’s ADC installs as a simple Windows service and scales to support numerous domains, organizational units (OUs), and users and security groups. It also subscribes to notifications, which means updates appear in true real-time—milliseconds.

See how OneLogin provides automated real-time user provisioning for one of our customers, a large pharmaceutical provider with a global workforce:

 
About the Author

Vera Sparre is a passionate B2B2C marketer with an extensive background in enabling decision makers in High Tech, Mobile and SaaS. Vera has a comprehensive history of empowering businesses through holistic, omni-channel campaigns, and has worked in a number of high-level marketing positions at corporations including Microsoft, Charles Schwab, Adobe and multiple SaaS startups. As the Sr. Director of Demand Generation at OneLogin, Vera focuses on effectively delivering information to targeted audiences, and enabling them to make buying decisions with confidence.
