Forum Discussion
Theoretical question - AD / Azure deployment
VickVega, your idea might work but not as you expect. Look, there are some supported topologies that you can deploy using Azure AD Connect and that will enable your customer to have their credentials (and password) synchronized.
Have you read this doc already? https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
Since your customer's clients must connect using their own credentials, I think it is worth taking a look at that documentation.
Also, creating a structure like *@client1.clients.onmicrosoft.com is currently not supported, since you will only have access to the clients.onmicrosoft.com domain. What you can do instead is use a custom domain like client1.clients.com and then assign the users this domain as their UPN, like user1@client1.clients.com. The problem with that is that you must have a separate domain exclusively to do this and you must be sure that you won't have any conflicts with users' credentials (this might be a real headache).
Last thing: is the application ready to be integrated with social accounts? Would the application be compatible with Facebook, Google, etc.? If so, you could try using Azure B2C for your customer to solve this.
Hope you find this useful.
Cheers!
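The custom-domain-as-UPN approach above, as an added example that is not part of the thread: it moves users from the tenant's onmicrosoft.com suffix to a verified custom domain, and refuses any rename that would collide with a UPN or proxy address already in the tenant (the "conflicts" headache the post mentions). It assumes the Microsoft.Graph PowerShell module; the domain and suffix names are placeholders.

```powershell
# Added example, not code from the thread. Assumes Microsoft.Graph PowerShell;
# $oldSuffix and $newSuffix are placeholders for the real tenant/custom domains.
Connect-MgGraph -Scopes 'Domain.Read.All', 'User.ReadWrite.All'

$oldSuffix = 'clients.onmicrosoft.com'   # placeholder: default tenant domain
$newSuffix = 'client1.clients.com'       # placeholder: custom domain per client

# The custom domain must already be verified in the tenant before it can be a UPN suffix.
$domain = Get-MgDomain -DomainId $newSuffix
if (-not $domain.IsVerified) {
    throw "$newSuffix is not verified; publish the TXT record from Get-MgDomainVerificationDnsRecord and run Confirm-MgDomain first."
}

# Collect every identifier already in use (UPNs and smtp/sip proxy addresses)
# so that a rename can never collide with an existing account.
$allUsers = Get-MgUser -All -Property Id, UserPrincipalName, ProxyAddresses
$inUse = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($u in $allUsers) {
    [void]$inUse.Add($u.UserPrincipalName)
    foreach ($p in $u.ProxyAddresses) {
        [void]$inUse.Add(($p -replace '^(smtp|sip):', ''))
    }
}

# Plan and apply the rename, keeping a conflict report for anything skipped.
$conflicts = @()
foreach ($u in ($allUsers | Where-Object { $_.UserPrincipalName -like "*@$oldSuffix" })) {
    $local  = $u.UserPrincipalName.Split('@')[0]
    $newUpn = "$local@$newSuffix"
    if ($inUse.Contains($newUpn)) {
        $conflicts += [pscustomobject]@{ Old = $u.UserPrincipalName; New = $newUpn }
        continue
    }
    # Dry run by default; remove -WhatIf once the conflict report is empty.
    Update-MgUser -UserId $u.Id -UserPrincipalName $newUpn -WhatIf
    [void]$inUse.Add($newUpn)   # reserve the name so later iterations see it
}

if ($conflicts) { $conflicts | Format-Table -AutoSize }
```

Run it once with -WhatIf to get the conflict report, resolve those accounts by hand, then run it again without -WhatIf.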
carlosdoliveira Thank you, I have seen that article and the closest that can be done is https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#each-object-only-once-in-an-azure-ad-tenant approach. (Each object only once in an Azure AD tenant)