Forum Discussion
MS Expert
Jul 14, 2021 (Copper Contributor)
Hybrid IAM with O365 and AWS
Hi Team, I have a below scenario to discuss and looking for a single IAM solution. - Business units ( 3 ): - A, B & C - 200 employees in each business unit i.e around 600 users - Users email acc...
LukeJMadden
Apr 03, 2023 (Brass Contributor)
Hey mate,
You have an interesting scenario. I am not an SME on the subject but here are some suggestions:
Yes, you can sync a single AD source through Azure AD Connect to multiple O365 Azure AD tenants. However, each user must have a unique User Principal Name (UPN) across all the tenants. You can achieve this by using a different domain suffix for each tenant in the UPN. For example, email address removed for privacy reasons, email address removed for privacy reasons, email address removed for privacy reasons.
If you create new IDs in the local AD and sync them, existing O365 IDs for users in Azure AD will remain as they are. The new IDs will be created in Azure AD as new user accounts. If you want to merge the existing O365 IDs with the new IDs, you can use a tool like Azure AD Connect to match them based on a common attribute, such as the email address.
Yes, you can set up a federation between AWS SaaS services and local AD using ADFS. You can also use Azure AD as the identity provider for AWS SaaS applications. To achieve this, you need to configure AWS SaaS applications to trust Azure AD as the identity provider and configure Azure AD to federate with your local AD using ADFS.
I hope this helps. Let me know if you have any further questions.
Kind regards,
Luke Madden
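The two on-premises preparation steps the reply above describes (a distinct UPN suffix per business unit, and a common mail attribute so Azure AD Connect can soft-match the accounts that already exist in Office 365) as an added PowerShell example. This is not code from the thread or from Microsoft; the forest name, the OU layout, the three tenant domains and the "one OU per business unit" rule are all hypothetical assumptions chosen for the example, and it should be run with -WhatIf first against a real directory.

```powershell
# Added example, not from the original thread. Hypothetical assumptions:
#  - one on-premises forest corp.example.com, users of each business unit in their own OU
#  - one verified domain per Office 365 tenant: bu-a/bu-b/bu-c.example.com
#  - the user's existing Office 365 mailbox address is already stored in the AD 'mail' attribute
Import-Module ActiveDirectory

$units = @{
    'OU=BU-A,DC=corp,DC=example,DC=com' = 'bu-a.example.com'
    'OU=BU-B,DC=corp,DC=example,DC=com' = 'bu-b.example.com'
    'OU=BU-C,DC=corp,DC=example,DC=com' = 'bu-c.example.com'
}

# 1. A UPN suffix must be registered at forest level before it can be assigned.
$forest = Get-ADForest
foreach ($suffix in $units.Values) {
    if ($forest.UPNSuffixes -notcontains $suffix) {
        Set-ADForest -Identity $forest -UPNSuffixes @{Add = $suffix}
    }
}

# 2. Give every enabled user in a unit a UPN under that unit's suffix, and make sure the
#    address the user already has in Office 365 is the primary (capital SMTP:) proxy address,
#    which is the attribute soft matching in Azure AD Connect keys on.
foreach ($ou in $units.Keys) {
    $suffix = $units[$ou]
    Get-ADUser -SearchBase $ou -Filter 'Enabled -eq $true' -Properties mail, proxyAddresses |
        ForEach-Object {
            $upn = "$($_.SamAccountName)@$suffix"
            Set-ADUser -Identity $_ -UserPrincipalName $upn

            # Only add a primary SMTP entry when none exists; two 'SMTP:' entries is an error.
            $hasPrimary = @($_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' }).Count -gt 0
            if ($_.mail -and -not $hasPrimary) {
                Set-ADUser -Identity $_ -Add @{proxyAddresses = "SMTP:$($_.mail)"}
            }
        }
}

# 3. Precondition for the sync: UPNs and primary SMTP addresses must be unique forest-wide,
#    otherwise Azure AD Connect reports attribute conflicts or matches the wrong cloud account.
$users = Get-ADUser -Filter * -Properties UserPrincipalName, proxyAddresses
$dupeUpn  = $users | Group-Object UserPrincipalName | Where-Object { $_.Count -gt 1 }
$dupeSmtp = $users | ForEach-Object { $_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } } |
            Group-Object | Where-Object { $_.Count -gt 1 }
if ($dupeUpn -or $dupeSmtp) {
    $dupeUpn  | Format-Table Name, Count
    $dupeSmtp | Format-Table Name, Count
    throw 'Duplicate UPNs or primary SMTP addresses found; resolve them before running Azure AD Connect'
}
```

The script changes only the UPN and, where missing, the primary SMTP entry; it deliberately leaves the existing mail address in place, because that shared value is what lets the connector attach the synced object to the existing Office 365 identity instead of creating a second account.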