Forum Discussion
AD+ADFS+AAD
Hi
Can anyone enlighten me about AD, ADFS & AAD - and how you have "moved" your users into O365?
Have you synced all accounts from AD to AAD - or have you "prepared" the users first in AD e.g. by setting an extension attribute and then on ADFS configured a filter so only these users get into the AAD - or?
1 Reply
- Cian Allner (Silver Contributor)
It really depends on what you are trying to achieve. If you'd like some consensus on how it's done generally, this is a great article if you haven't seen it already - https://cloudblogs.microsoft.com/enterprisemobility/2017/11/13/how-organizations-are-connecting-their-on-premises-identities-to-azure-ad/.
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication is a phenomenal https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-user-signin along with https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso, offering many of what were traditionally only available with AD FS and without the infrastructure downsides.
With the https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering, there is a lot of scope to onboard in whatever way works for a given situation. These include https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-configure-filtering#group-based-filtering and https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom#domain-and-ou-filtering.