We have several offices all around the world eg; Sydney, London, UK, LA, Norway etc... which have been through aquisitions and mergers. Several of the sites have their own on-prem AD and are being sync'd to a single O365 tenant through AD Connect. For smaller sites that don't have an on-prem AD, users are created in the Sydney HQ AD. IT admin connects to the Sydney AD via RDP and creates users in their specific OU. We want to eliminate the need for IT Admins to RDP in to manage their users.
We need a central source of truth where IT admins login to a portal, manage their own location specific Users and any changes are than sync'd back to their location AD (because of other on-prem resources which are AD dependant). Is this something AAD can do?
So briefly, our requirements are:
- Centralised User management (Most important)
- User self service password reset/unlock.
- SSO with third party apps
- Mac support (for password reset, SSO)
Okta partly does what we need but being a Microsoft shop, a solution from Microsoft will be easier to integrate into our ecosystem.