I would like to ask if it is possible connecting an Azure AD to an AD which is not an AD FS type? I have read some documentations regarding connecting Azure AD to an on-premise type of AD but AD FS is needed for it. Or is it possible to have an Azure AD connected to an AD DS? Or would it be better to use AD AAD Connect pass-through-authentication?
Or.....
Would it be better to use Azure Logic Apps?
Edit1: Seems like ADFS is optional.
Thanks!
I just want azure as the middle-ware for users to authenticate to
non-AD on prem.
As far as I know, for now, we can't use Azure AD in this way.
By default, authenticate user to AD if response is invalid, Azure AD will not redirect it to other page.
Azure AD connect can't sync non-AD users to Azure AD.
Related
Scenario:
Managed GCP Applications hosted on GCP with a Google cloud identity setup for customers
Want customers to access GCP managed service using their own IDP
Question:
Can I use Azure AD b2c as an IDP for Google cloud identity ?
Looking for a solution or alternate solutions which may not be that expensive
Azure AD B2C is an OIDC IdP so yes, it can be used as a federated IdP in Google Cloud Identity. Due to the similarities between Azure AD B2C and Azure AD you can follow most of the steps detailed in Configure workforce identity federation with Azure AD and sign in users with the following Azure AD B2C specific replacements:
Create a new app. As a best practice, we recommend that you create a new application in Azure AD B2C and use only the application to obtain Google Cloud credentials. To create a web app for user sign-in with Azure AD B2C and enable your app to receive tokens from Azure AD B2C, see Register a web application in Azure Active Directory B2C. Do not forget to follow the Next steps.
Skip this one.
I am trying to use MFA for on-premise APPS that are secured by AD and ADFS. We are uing MIM to provision accounts automatically to AD. However all accounts will not be synchronized to Azure AD. I have read following article
https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/use-azure-mfa-for-activation
Does it mean you can use Azure AD MFA withing MIM for on-premise Apps which are secured by ADFS? does it go to Azure AD to challenge the user for MFA? what about if the account exist only in AD not Azure AD?
Appreciate all kind of advice.
The article you cited above is only applicable to the use of Azure AD MFA within MIM for the privileged access management scenario, rather than for MFA for use within applications. I would recommend synchronizing accounts to Azure AD, and using conditional access and the application proxy where applicable. See https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion for more info on the options for applications.
Scenario:
Our On-premise AD currently holds our customers/users for on-premise apps.
We starting developing cloud apps for our customers/users and looking at Azure AD/Azure AD B2C for identity management.
We want to use ad connect sync with pass-through authentication to Azure AD because of security requirements.
Customers/users have usernames in form of jane#doe.com in the on-premise - not jane#.com. That means when AD connect sync to Azure AD the username becomes jane#mytenant.onmicrosoft.com and name jane#doe.com.
The Azure AD we sync to is a Azure AD B2C directory.
Question:
Is it possible to edit the Azure AD B2C sign-in policy to use name (jane#doe.com), not username (jane#mytenant.onmicrosoft.com) and password?
You cannot use Azure AD B2C sign-in policy to change the synced user name and password.
First, the synced users are in Azure AD, not Azure AD B2C.
Azure AD Connect is not designed to work with Azure AD B2C
Second, if you still want synced username to match your on-premise username, you can refer to this article .
Also,if you have not synced from Azure AD Connect, you can use custom settings in Azure AD Connect to let synced username match your on-premise username.
I am working on application where authentication is done by Web service which further calls our organisation AD service to authenticate.
Now I want to move my application to Azure but problem is my web service is not exposed outside organisation. So I can't use web service on Azure to authticate.
Then I searched for Azure AD and found that Azure AD it self provides authenticate and store users data to their data center.
How can I integrate my organisation AD account to Azure AD ?
You are probably looking for Azure AD Connect. See
Integrate your on-premises directories with Azure Active Directory
I am working on a project to migrate the Consumer faced application to the cloud.
Based on the pricing I prefer to use the Azure AD B2C tenant.
Tentative timeline for the Azure AD B2C GA ?
How can I sync/move the user object from On-premises AD to the Azure AD B2C tenant? Can we use Azure AD connect for this?
As stated in this FAQ,
Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
No, Azure AD Connect is not designed to work with Azure AD B2C. We
will provide various migration options and tools out-of-the-box in the
future.
With the (beta) MSAL library (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet), you can add both B2C and your existing AD to your website, so both worlds (external customers in B2C and corporate users in AD) can login to the same site.
from: https://blogs.technet.microsoft.com/enterprisemobility/2016/03/31/microsoft-identity-at-build-2016/
MSAL is a developer library that helps you to obtain tokens from MSA, Azure AD or Azure B2C for accessing protected resources – such as your own API, Microsoft’s API (such as the Microsoft Graph) and any other 3rd party choosing to protect their API with Microsoft identity.