
Can you extend Microsoft® Azure® AD identities to on-prem WiFi networks? As more IT admins use Azure Active Directory® (AD) to manage their cloud infrastructure, some wonder if they can leverage those user identities with on-prem resources such as WiFi; macOS®, Windows®, and Linux® systems; and more. Before we answer that question, let’s first understand how we’ve gotten to this point.

Microsoft and the Cloud

With the advent of the cloud, the traditional on-prem Windows network seems a relic of the past. After all, laptops, remote workers, and non-Windows systems (Mac® and Linux) have seen a rise in popularity. Apps like the Office™ suite have shifted cloudward to Office 365™, infrastructure is hosted in Azure, and other key facets of IT have moved to the cloud.

Of course, it doesn’t make sense to host a wireless network in the cloud; WiFi needs users to be in physical proximity to a router / wireless access point (WAP) to truly be effective. What does make sense, though, is the idea of cloud-based identity management. Traditional identity management has always fallen on the shoulders of Microsoft Active Directory, the legacy on-prem directory service.

Traditional Microsoft Identity Management

When it comes to the many non-Windows and cloud resources being leveraged by end users today, Active Directory—as it was created—is simply not fit to manage them. When Microsoft released Azure and its associated Azure Active Directory, many thought that Azure AD would be the cloud replacement for the on-prem directory service.

Time and time again, Microsoft has denied that Azure AD is simply on-prem AD in the cloud. Azure AD is obviously useful for managing Azure and Office 365 access, as well as limited web-application single sign-on (SSO) to select apps. It struggles, however, to manage systems or network access, to name a few of its shortcomings compared to AD proper.

Extending Azure AD Identities to On-prem WiFi

As a result, IT admins have found that they cannot extend their Azure AD identities to their on-prem WiFi networks. To do that, IT organizations would need a third-party solution that extends AAD to work with wireless access points. This solution, known as a cloud directory service, would connect Azure identities to networks, systems, applications, and more, as an essential reimagination of on-prem AD for the cloud age of IT.

JumpCloud® Directory-as-a-Service® does just that. With JumpCloud, IT admins can enable their end users to access virtually all of their IT resources, from their systems and apps to their Azure or other cloud infrastructure, WiFi networks, and so much more. We like to call this phenomenon True Single Sign-On™; that is, the ability to leverage a single credential for all of a user’s resource access. Specifically, those credentials are managed within JumpCloud but are the same as those used in AAD and elsewhere, such as WiFi.

Extending Identities with JumpCloud

JumpCloud reaches past just True Single Sign-On. JumpCloud admins can manage system security settings, authenticate to VPNs and DevOps environments, and manage multiple tenant sub-organizations, all from a single cloud admin console.

If you’d like to extend your Azure AD identities to on-prem WiFi (or just about any IT resource, for that matter), why not try JumpCloud for free? Our free account includes up to ten users, available forever, so you can keep them even after you buy. If you would like to learn more, don’t hesitate to connect with us. We’d be happy to assist you.
