By Megan Anderson Posted December 4, 2019
As more IT organizations shift to the cloud, it’s imperative for them to maximize their on-prem investments. Such investments can quickly become a drain on an organization’s resources unless they are reconfigured to be more profitable. Nowhere is this more of an issue than with Microsoft® Active Directory® (AD), which has been a vital asset for many years but is steadily becoming vestigial. In this post, we’ll discuss how to leverage your AD investment for the cloud.
Active Directory: A Central Figure
Microsoft introduced Active Directory in 1999 when the IT market was almost entirely composed of Windows® products. Back then, an organization used mostly Windows applications and machines, and all work was done on-prem through (you guessed it) Windows systems and applications. However, despite the uniform IT environment, managing users was just as frustrating as it is today.
There was no way to unify machines on a local area network (LAN), nor was there anything in place to let IT admins secure them. With nearly everything existing under the Windows domain on-prem, AD was the perfect antidote. It gave admins the ability to control access to computers and other IT resources using one set of credentials the admin could manage from a central console. The benefits of AD were so great that it quickly became the core of most organizations.
Jump ahead a few years and the ideal environment that Microsoft had dominated no longer exists. The IT landscape today includes cloud infrastructure from AWS® and the like, applications from the web, macOS® and Linux® systems, WiFi, and many other resources.
As a result, the struggle of securely connecting users to the IT resources they need has resurged, except this time, Microsoft is much slower to administer a cure-all. Now, many admins are turning to cloud-based tools to integrate with their AD identities.
Benefits of Cloud Identity Integration with Active Directory
Admins can leverage their existing on-prem infrastructure by integrating Active Directory with a cloud identity management tool. This method ensures that users can access modern IT resources using the same identities they always have, while admins keep a familiar directory interface. This way, any disruption is kept to a minimum, the only noticeable difference being improved accessibility.
Integrating AD with a cloud identity management tool allows AD identities to be used for AWS, G Suite™, web applications such as Slack® and GitHub®, Samba-based file servers, and WiFi, among many others. Admins no longer need to manage multiple accounts for individual users, soothing the current rash of identity sprawl and restoring AD’s original appeal.
Imported users can also be provisioned as local accounts regardless of whether they use Mac, Linux, or Windows systems. Admins can take full advantage of policy management features similar to GPOs for said systems as well, along with multi-factor authentication (MFA) and script execution, all without a VPN.
Bridged AD identities can also leverage cloud-based protocols such as cloud RADIUS, and admins can federate AD identities to a host of SAML 2.0-authenticated web applications, eliminating the need to do so through Active Directory Federation Services or other supplementary tools. The headaches of today can become little more than a simple process tomorrow by integrating AD identities with a cloud identity bridge.