By Ryan Squires Posted February 13, 2019
Some IT admins are interested in backending Office 365™ (O365) with LDAP because they would like to use O365 credentials elsewhere, for example to authenticate users to an OpenVPN™ instance or to AWS® instances running Kubernetes or Docker. Office 365’s underlying identity management model is based on Azure® Active Directory®, so Microsoft® would likely tell you that you don’t need LDAP connected to O365 user identities. That advice is also an invitation to stay inside the Microsoft ecosystem, so consider the use cases laid out below before accepting it.
Backend O365 with LDAP and More
Things get interesting when you consider the cross-platform use cases that backending Office 365 with LDAP makes possible. In practice, IT admins want to extend a user’s O365 credentials to authenticate against just about any IT resource that speaks LDAP. This setup cuts down on password fatigue and on the reuse of potentially weak passwords across systems; it also means that one identity now guards many resources, which is why the second factor and key-based methods mentioned below matter.
The reasoning behind an LDAP backend is that, ideally, an end user would have just one set of credentials for the IT resources they use daily. That means systems (Windows®, macOS®, or Linux®); cloud and on-prem servers (e.g. AWS, GCP, an on-prem data center); web and on-prem applications via LDAP and SAML; physical and virtual file servers (for example NAS appliances, Samba file servers, Dropbox™, G Drive™, and more); and wired and WiFi connections through the RADIUS protocol. All of those resources would be tied to one identity, but authenticated in a variety of ways, including username/password, SSH keys, 2FA, or more.
Microsoft’s Azure AD Limitations
Unfortunately, that vision of a single set of credentials isn’t achievable using Azure Active Directory alone, even when it is used in concert with on-prem Active Directory. With that in mind, a cross-platform, inclusive approach to an IT network needs a vendor-neutral solution, one that can broker access across a variety of providers, protocols, and locations.
The good news is that a next-generation identity management platform, Directory-as-a-Service®, does this, enabling IT admins to extend Office 365 credentials to LDAP and, beyond that, to virtually all of a user’s IT resources. Users experience much less friction when logging into and using their decentralized collection of IT resources. For IT admins, those decentralized services become centrally managed, which lets them onboard and offboard users quickly. It’s a win for both parties.
System and User Management in One
This all sounds great for identity management. But what about managing systems? JumpCloud has that covered too. As a comprehensive directory services solution, JumpCloud can enforce system security baselines by remotely deploying GPO-like Policies such as full disk encryption (FDE), OS updates, screen lock timers, and much more. You get an entire directory solution delivered from the cloud, free of the ongoing maintenance chores generally associated with on-prem directories.
Learn More About JumpCloud
If you want to backend Office 365 with LDAP and extend your users’ credentials to legacy applications and much more, feel free to sign up for a free account. JumpCloud’s free account lets you manage up to 10 users with the full-featured version of Directory-as-a-Service. Once you’re in the console, if you have any questions, do not hesitate to contact one of our product experts or visit the Knowledge Base.