By Megan Anderson Posted January 10, 2020
Many IT organizations using Active Directory® (AD) find that, as they integrate more third-party cloud infrastructure and web applications, few of these resources can natively authenticate users with AD credentials.
When looking to extend Active Directory identities to cloud-based applications, the first resource many organizations turn to is Azure Active Directory® (AAD or Azure AD). It has been marketed as the most straightforward means of connecting AD users to the cloud, but it’s not the best fit for everyone.
Why Azure AD May Not Be Right for You
With Azure AD, organizations can extend their AD identities to Microsoft’s cloud infrastructure and applications (Office 365™) along with a select group of web applications. However, Azure AD does not extend AD identities to Amazon Web Services® (AWS) or Google Cloud Platform® cloud servers, non-Windows applications hosted on-prem, or on-prem WiFi infrastructure, for example.
Depending on the size of the organization, whether your IT environment is entirely Windows-based, and whether you already leverage Azure infrastructure, extending AD identities via Azure AD can be a good option. Of course, your costs can add up with on-prem AD, AAD in the cloud, and all of the integration work necessary for these applications to run smoothly.
You can’t easily eliminate those costs by leaving Active Directory and moving exclusively to Azure AD, either. Azure AD is not a cloud-based Active Directory replacement and requires an on-prem AD server to get the most out of it.
Traditionally, without Azure AD, it can be tricky to extend your AD credentials to the cloud. Microsoft offers another tool, Active Directory Federation Services (ADFS), for web application single sign-on, but that comes with its own limitations.
Is There a Way to the Cloud Without Azure AD?
There are third-party services that can bridge Active Directory identities to the cloud without Azure AD. Using a third-party service can be beneficial because they generally do not have operating system and provider preferences, making the centralized user management of all types of IT resources less of a hassle.
Plus, third-party services frequently let you choose the features you want, so you don’t pay for more than what you need. Their implementation can be more streamlined than Azure AD as well (a typical AD to AAD integration requires AD DS on-prem, Azure AD Connect, AAD, and AAD DS just to sync the two).
For example, using a cloud-based directory eliminates the need for another on-prem server. Instead, it uses a lightweight agent on your domain controller to connect AD to the cloud-based directory, which then propagates your identities to cloud and non-Windows resources, such as a Mac® device or a Linux server at AWS. After that, AD users can access everything they need, regardless of what platform they’re on and where they are.
To learn more about how JumpCloud extends your Active Directory identities to the cloud, drop us a line or sign up for a free trial. The first 10 JumpCloud users are free forever and get complete functionality from the start.