A world where Microsoft Active Directory (AD) thrives looks much different than the world we’re currently working in. Before, workers walked into offices lined with cubicles that each housed their own desk. On each desk typically sat a Windows® computer, and on that computer was everything an employee needed to do their job.
Now, employees use web applications and productivity suites to accomplish daily tasks, networks are wireless instead of wired, employees work on different operating systems (Windows, macOS, and Linux), and much of the world is working from home. This new way of working challenges organizations hosting Microsoft’s legacy directory service, as it struggles to manage user access to resources beyond the Windows domain.
Below, we’ll discuss key components admins need to address for enabling users as they work from home, and how they can make AD work for a remote workforce.
Remote Users Need to Access Their Work
Previously, only a small percentage of the user population was remote, so the focus on enhancing the remote user experience wasn’t necessarily there. Typically, IT admins taught the few users who worked from home how to work around issues, with the goal of getting everybody productive quickly.
Now, remote user troubleshooting no longer applies to the minority of your workforce. It’s not as simple as helping one user who works from home; entire organizations are now operating on a full-time remote model.
IT needs to efficiently enable a wide range of users with access to an even wider array of IT solutions, including legacy and web applications, cloud and on-premises servers, physical and virtual file servers, and WiFi and VPN networks — all while being remote. The challenge with AD is that it wasn’t built for cloud technology and remote working.
Managing Access to Cloud Resources
Active Directory struggles to grant user access to web applications, productivity suites, and Infrastructure-as-a-Service (IaaS) platforms like AWS®. As a result, admins enable point solutions to manage user access to non-Windows or cloud-based resources.
Maintaining numerous identity management solutions is difficult for IT teams, especially when remote. Each solution requires its own level of manual implementation and maintenance, and siloing identities between different platforms has the potential to harm the organization if not properly managed.
For example, when deprovisioning user access, IT teams have to make sure they’ve removed that user’s access to each solution. If by some chance internal IT doesn’t, a former employee could still gain access to sensitive organizational information after they’ve left the organization.
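The deprovisioning check described above can be audited by reconciling each point solution's account export against AD. The following is an added example, not part of the original article; the CSV column names, the silo names and every account in it are constructed assumptions.

```python
import csv
import io

# Constructed sample exports (not real data); column names are assumptions.
AD_EXPORT = """sAMAccountName,mail,enabled
asmith,asmith@example.com,True
bjones,bjones@example.com,False
cdavis,cdavis@example.com,False
"""

SILO_EXPORTS = {
    "web-sso": """email,status
ASmith@example.com,active
bjones@example.com,active
""",
    "iaas-console": """email,status
cdavis@example.com,suspended
bjones@example.com,active
deploy-bot@example.com,active
""",
}


def load_ad_state(ad_csv):
    """Map normalised e-mail address -> True if the AD account is enabled."""
    return {row["mail"].strip().lower(): row["enabled"].strip().lower() == "true"
            for row in csv.DictReader(io.StringIO(ad_csv))}


def find_lingering_access(ad_csv, silo_csvs):
    """Return (silo, email, reason) for each active silo account AD no longer backs."""
    ad_state = load_ad_state(ad_csv)
    findings = []
    for silo, text in sorted(silo_csvs.items()):
        for row in csv.DictReader(io.StringIO(text)):
            email = row["email"].strip().lower()  # silos differ in letter case
            if row["status"].strip().lower() != "active":
                continue  # access already suspended or removed in this silo
            if email not in ad_state:
                findings.append((silo, email, "no matching AD account"))
            elif not ad_state[email]:
                findings.append((silo, email, "AD account disabled"))
    return findings


if __name__ == "__main__":
    for silo, email, reason in find_lingering_access(AD_EXPORT, SILO_EXPORTS):
        print(f"{silo}: {email} still active ({reason})")
```

Accounts with no AD match at all, such as the constructed `deploy-bot` entry, are reported separately because they were never covered by the AD offboarding process in the first place.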
Tunneling Back to the On-Prem Domain
In addition to instantiating point solutions, organizations using legacy directory services connect users back to the on-prem domain with VPNs. While IT teams may still want to use VPNs as an added layer of security, it’s not necessary to tunnel back to an on-prem domain in the first place when many of the resources employees use live outside the domain.
Securing Machines Remotely
In addition to enabling access to IT resources, IT admins are often required through compliance guidelines or internal policies to secure the systems employees work on. This can be challenging for non-Windows systems and even for remote systems that are Windows-based and ultimately connected to AD via a VPN.
Systems are the user’s conduit to their work. IT teams need to ensure they’re locking down remote systems, regardless of provider. Doing so not only protects the users from compromised systems, but it also safeguards sensitive network information. Generally, there also needs to be some training for end users in order to make them productive and safely enable their access to IT resources.
Using The Cloud to Make AD Work With Remote Workers
There’s a lot that goes into enabling your users to work from home, and Active Directory may only solve part of that. Instead of trying to solve each remote management issue as it arises, which can be frustrating and tedious, perhaps the best approach you can take is to connect AD with a single, comprehensive solution built to accommodate the new normal.
JumpCloud Directory-as-a-Service is the first cloud directory service designed to support your users no matter where they may be, or what platform they’re working on. Using JumpCloud’s AD Integration, organizations extend AD-managed identities beyond the on-prem domain, granting user access to their resources from one location, including:
- Windows, macOS, and Linux systems
- Web applications and productivity suites
- IaaS platforms
- Networks via RADIUS
Additionally, using AD Integration, admins can provision users in AD from the cloud-based console, sync user changes to passwords automatically, remotely control users and their systems, manage groups, and gain insight into their entire remote workforce from one platform. All of this can be accomplished without users needing to tunnel to an on-prem domain through a VPN.
Making AD work with remote workers doesn’t have to be complicated. Interested in learning more? Reach out to one of our representatives to see AD Integration in action, or check out our white paper for more information on how our integration works.