Is it possible to manage Active Directory® from a browser? Microsoft®’s traditional directory service has been an on-prem staple since its inception. But, as more resources move to the cloud, some admins are asking whether they can move their identity management to the cloud as well.
First, let’s dive into what Active Directory is and why an organization would want browser-based Active Directory in the first place.
Active Directory, On-Prem
Active Directory (AD) is the premier on-prem directory service, used by many organizations to manage user identities and their access to mainly Windows® IT resources. IT organizations often host their AD instances on-prem with physical server stacks.
With modern, cloud innovations, however, AD needs additional tooling to manage new resources that fall outside of its domain. These range anywhere from macOS® and Linux® systems to cloud infrastructure and applications.
In order to manage these disparate resources, IT admins have had to bolt additional functionality onto their AD instance, generally through tools such as web application single sign-on (SSO) solutions or identity bridges. Over time, these AD add-ons have been lumped together under the larger umbrella of Identity-as-a-Service (IDaaS).
Beyond their specific niches, these IDaaS solutions share one feature that has become ideal for modern IT admins: many can be fully managed from the cloud. This lets IT admins manage their users’ authentication and access to cloud-based applications, infrastructure, and non-Windows systems from anywhere in the world, albeit from a separate browser window for each tool.
The extensibility of these browser-based tools sparks curiosity in some admins, wondering if they can achieve the same interfacing experience with their on-prem AD instance. The possibility would enable an IT admin to effectively manage most, if not all, of their identities and access control remotely. For organizations like managed service providers (MSPs) and other IT consultants, this could be a great boon indeed.
Additionally, the graphical user interface (GUI) of AD (pictured above) looks somewhat dated next to modern GUIs with more visually appealing layouts and input flows. Although many long-time AD admins are comfortable navigating AD’s GUI, others prefer the experience of newer, browser-based software, which is another driver for finding a new way to interface with AD.
So, with that in mind, let’s evaluate some potential options for managing Active Directory from a browser.
Browser-Based AD Options
When it comes to hosting AD in a browser, a couple of options may come to mind.
Azure Active Directory
Azure® Active Directory (Azure AD) is a cloud-based identity management platform. Some people think of Azure AD as a browser-based version of on-prem Active Directory, but it is not.
While organizations can connect their on-prem AD identities to cloud resources, such as the Azure cloud, web applications, and Office 365™, Azure AD doesn’t handle much of the traditional directory service work that on-prem AD is used for. This includes Windows Group Policy management, as well as user creation and the rest of the user lifecycle. As a result, organizations running Azure AD alongside on-prem AD can’t use Azure AD’s browser console for full AD management. In fact, Microsoft’s own reference architecture for using Azure AD requires an on-prem AD instance.
AWS Directory Service
AWS® Directory Service is Active Directory hosted in the Amazon Web Services® cloud. On paper, that makes it look like a cloud version of on-prem AD.
In practice, AWS Directory Service lets you use cloud infrastructure instead of on-prem servers to maintain AWS identities in the familiar Active Directory structure. What it doesn’t let you do, however, is manage AD from a browser window.
Organizations using AWS Directory Service still need a dedicated Windows server to act as a management host, giving IT admins an interface (usually the GUI-based AD tools) for their AWS AD instance. Beyond that, AWS Directory Service is generally used to offload AD-managed application functions to the cloud, not to replace on-prem AD entirely. Much like with Azure AD, many of AD’s core functions still require an on-prem instance if you want one authoritative source of credentials. Additionally, any resources that fall outside of AWS will need other solutions for proper management.
Full Browser-Based AD Management
What IT organizations may need is an “ultimate AD add-on” of sorts. In essence, this solution should allow IT admins to fully control their Active Directory from any location through a web browser, and beyond that, extend their AD identities to virtually any modern IT resource.
Enter AD Integration
JumpCloud®’s Active Directory Integration gives organizations full AD user identity and access management from the cloud and propagates existing AD identities to non-domain resources. AD Integration leverages JumpCloud’s Directory-as-a-Service® to create a bidirectional identity sync between on-prem AD and cloud/non-Windows resources, using lightweight agents installed directly on AD domain controllers. Admins can then use the browser-based JumpCloud admin console for full AD user lifecycle management from the cloud (including provisioning AD users from JumpCloud) without any additional tooling to extend those users beyond the domain.
With AD Integration, IT organizations can fully manage Active Directory from a browser and extend AD to macOS, Linux, cloud applications, and more.
If you’d like to manage AD from your browser window, give AD Integration a try for up to 10 users, completely free.