Extend Active Directory for Your Clients

Written by Zach DeMeyer on May 18, 2020

Share This Article

Are you an MSP that manages Active Directory® for your clients, but needs to manage non-Windows® and cloud-based resources for them as well? Extending Active Directory for your clients may be more straightforward than you think.

Why Active Directory Needs an Extension

Microsoft® Active Directory (AD) has long served the role of identity provider (IdP) for organizations worldwide. It’s dominance is largely thanks to its efficacy at managing identities and access to resources within an on-prem, Windows® domain. In IT’s early days, these types of environments were the de facto standard for the average organization, leading AD to quickly rise to the top of the directory services market.

However, in today’s IT landscape, on-prem, Windows-centric environments still persist, but they’re slowly becoming few and far between. Several factors play into this paradigm shift:

AD struggles to extend its on-prem identities to these cloud-based and non-Windows resources. In order to extend these identities for their clients and differentiate themselves in the market, MSPs need to purchase additional solutions to bolster client AD instances. We will talk about these specifically in a second.

Beyond the proliferation of these new technologies, MSPs need to physically administer clients’ AD infrastructure on-prem in order to configure and maintain each AD instance. This necessity has been the case since the early days of managed IT services, but in the modern era, the process is time consuming compared to using an AD extension solution.

Options for Extending AD

There are several options an MSP can employ to extend their clients’ AD identities to resources outside of AD’s domain.

Identity-as-a-Service (IDaaS)

Following the Software-as-a-Service boom, vendors responded to AD’s authentication limitations with resources outside of its domain and created a new class of solution called IDaaS. Using IDaaS tools, MSPs and other IT admins can extend AD credentials to non-Windows systems and cloud-based applications.

Most IDaaS solutions are dedicated to specific niches. For example, one type of IDaaS tool is web application single sign-on (SSO) solutions, which leverage the SAML protocol to federate identities between AD and cloud apps. Another type of IDaaS tool is known as an identity bridge. Although the meaning of the phrase has fluctuated recently, the most common way it’s used is to describe tools that connect Mac and Linux systems to Windows domains. 

Because these IDaaS tools only target specific segments of IT resources, MSPs often need to purchase a variety of them to accomplish the AD extension their clients require. This approach racks up costs for both MSPs and clients alike. For MSPs, switching back and forth between each solution as needed means more money lost to overhead. Clients face the additional costs of each of these solutions as well on the bottom line of their MSP’s invoice.

Azure AD

Azure® Active Directory (Azure AD or AAD) is the user management platform for Microsoft’s Azure cloud Infrastructure-as-a-Service (IaaS) solution. Azure AD can be used in tandem with on-prem AD through Azure AD Connect to extend AD identities to the Azure cloud, Office 365™, and a selection of web apps through SSO. Though useful for these resources, Azure AD struggles to extend identities to Mac or Linux systems. So, Azure AD may not be the ideal AD extension option for clients with a blend of operating systems in their environment.

JumpCloud AD Integration

AD Integration is a feature of the JumpCloud® Directory-as-a-Service® product that leverages a cloud directory service to extend AD identities to virtually all IT resources, regardless of location or provider. With AD Integration (ADI), MSPs can manage their clients’ AD identities completely from the cloud, foregoing the need to manage them on-prem. MSPs can leverage ADI’s bidirectional identity sync to allow client self-service password management, which propagates to any resource managed through AD or JumpCloud.

Specifically for MSPs, JumpCloud also features a Multi-Tenant Portal (MTP) that centralizes clients’ identity and access management into a unified cloud console. The MTP provides a single pane of glass from which MSPs can extend AD identities to Mac, Linux, cloud apps and infrastructure, and more. MSPs can also use the MTP to navigate across disparate client organizations and apply security settings on systems and identities as necessary.

Learn More

If you need to extend AD for your clients but are unsure how, give JumpCloud’s AD Integration a try today. The first 10 users and systems on any JumpCloud account are completely free — just sign up here to get started.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter