Integrating Active Directory with the cloud is a necessary “evil” brought on by the need to use cloud apps and support a flexible workforce (e.g. work-from-anywhere, bring-your-own-device), while maintaining security and integrity, and doing all of it in real time.
Usually “extending AD to the cloud” and “easy” aren’t words that belong in the same sentence.
The complicated, expensive ways to extend AD to the cloud include building custom integrations on an app-by-app basis and federating AD to Azure AD.
Custom Integrations
Some IT departments write custom code that reads the attributes stored in AD and uses them to provision users into applications.
Although this approach keeps AD as the central directory and minimizes manual provisioning, those benefits do not outweigh the disadvantages of building custom integrations.
Disadvantages
- Costly
- Slow
- Not scalable
- Apps are constantly changing
- Apps do not support the same types of integration
Azure AD
The default choice for others is Microsoft’s Azure Active Directory. Designed for managing identities and applications in the cloud, Azure AD by itself is an easy way to extend AD to the cloud. The premium version offers features such as group-based access control, multi-factor authentication (MFA), and advanced reporting.
However, Azure AD has a complicated, expensive prerequisite—establishing and maintaining a highly available Active Directory Federation Services (AD FS) infrastructure.
Disadvantages
- Does not support LDAP
- Complex and costly infrastructure
- Load balancing multiple sets of servers
- Custom deployment required for synchronizing multiple forests
So, how can you extend AD to the cloud the easy way?
IDaaS
Third-party solution providers offer a fast, easy, and sustainable way to extend AD to the cloud.
For example, OneLogin can integrate your AD to the cloud in minutes through our Active Directory Connector (ADC). OneLogin’s ADC installs as a simple Windows service and scales to support numerous domains, organizational units (OUs), users, and security groups. It also subscribes to notifications, which means updates appear in true real time, within milliseconds.
See how OneLogin provides automated real-time user provisioning for one of our customers, a large pharmaceutical provider with a global workforce: