What is Active Directory Integration (ADI)?

Written by Ryan Squires on April 12, 2020

Share This Article

With the need to extend the capabilities of Active Directory to modern resources, many are asking what is Active Directory® (AD) Integration? Historically, Active Directory Integration has meant that an application or resource can authenticate to an on-prem AD instance. For those in the identity and access management (IAM) space, the term AD integration has taken on many different meanings to include IDaaS, directory extensions to systems (Mac®/ Linux®), or even cloud directory integration.

Keep reading to find out what Active Directory integration is all about — for modern IT. For more information about JumpCloud’s Active Directory Integration feature, you can learn more about that on this feature page.

One-Way AD Integration and IDaaS

Often, AD integrations are one-way, where AD is the source of truth and a third-party application or IT resource is authenticating user access against AD. If you’ve been in the IT industry, that’s generally what AD integration has meant, and most legacy, on-prem software achieves that capability. Interestingly, with more modern IT resources — such as web applications — AD integration isn’t really a concept.

Rather, a generation of identity and access management (IAM) solutions emerged, called Identity-as-a-Service (IDaaS) or web application SSO (single sign-on), to extend AD credentials outward to these third-party solutions — namely web applications. Therefore, the term AD integration took on a different meaning and context. That said, there are a number of challenges with those limited Active Directory integrations, and a new, more modern approach to AD integration is emerging which includes bi-directional syncing capabilities. 

Bi-directionality essentially means password changes occurring on the integrated platform get synchronized and changed in AD as well. 

Effectively, a more modern IDaaS platform can shift the center of gravity to it (i.e. become the source of truth), while keeping an organization’s investment in AD. The value of this is to extend and add-on to the IAM infrastructure without having to do consolidation, migration, or deep integration, but still enable the team to leverage the most modern IT resources possible while IT admins maintain control over their environments. 

Part of that control comes from the ability to integrate AD with non-Windows systems. 

JumpCloud

Securely connect to any resource using Google Workspace and JumpCloud.

Mac and Linux Integration with AD

One of the most useful AD integrations for organizations in modern computing environments is the ability to integrate macOS® and Linux devices into Active Directory-controlled environments. With more and more Mac systems showing up in offices around the world, this ability pushes password changes from non-Windows systems to AD, and vice versa, and is extremely helpful for both users and IT admins.

In fact, this can represent a critical ability for IT admins, because most solutions in this space are legacy on-prem solutions; the time for a next-generation cloud system is now. This criticality has led many IT admins to wonder where they can get Mac user management capabilities. For them, JumpCloud’s AD Sync Password Writeback feature can be an extremely valuable addition to their IT toolkit. Plus, when you utilize JumpCloud, you get the ability to further integrate with a wide range of cloud and on-prem tools. 

Further Integration with JumpCloud

Think of JumpCloud as an Active Directory management tool. It enables you to integrate AD with G Suite™, O365, AWS®, and more. Generally, it would take many tools in order to accomplish this level of Active Directory Integration. But with JumpCloud, you can scrap the pile of additional add-ons you may be leveraging and instead utilize a single Active Directory management tool — Directory-as-a-Service® — to complete your integration. 

Bi-directional sync happens by way of AD Import and AD Sync. AD Import enables IT admins to take AD identities and push them directly into the Directory-as-a-Service platform. That’s one direction. Then, once they’re in JumpCloud, you can connect these identities to networking infrastructure with RADIUS, cloud infrastructure (AWS, Azure®, Google Cloud™) file servers on-prem and in the cloud (NAS devices, Box™, G Drive™), web applications (Slack, GitHub, O365), legacy applications via LDAP, and many others. 

Moving in the other direction, AD Sync gives Mac and Linux users the ability to change their password either on the system (Mac) or user portal (Linux) and have the change go all the way out to Active Directory. As a result, that change propagates to JumpCloud-managed resources, like the ones listed above, as well. This setup enables AD to continue to be the source of truth for an organization, but it also makes it much easier for users to update their passwords and other information and get it back into Active Directory. End users don’t have to jump through hoops to stay compliant with password policies, password resets, and other critical functions. And, they can do this from anywhere — with no VPN.

For IT admins, that means much less time spent simply resetting passwords because their users are able to make those changes themselves. Because one password change extends out to virtually all resources, the challenge of having to remember potentially hundreds of passwords (or change them) is relaxed. 

Try JumpCloud Today

Still wondering what Active Directory Integration is? See for yourself when you sign up for a free JumpCloud account. This includes the ability to manage up to 10 users with the full version of the product, and if you like what you see, swing by the pricing page to see how to only pay for what you need with Directory-as-a-Service. 

Ryan Squires

Ryan Squires is a content writer at JumpCloud, a company dedicated to connecting users to the IT resources they need securely and efficiently. He has a degree in Journalism and Media Communication from Colorado State University.

Continue Learning with our Newsletter