I have a big enterprise that is syncing their local Active Directory to Azure AD using AAD Connect to use Office 365 and Single Sign On to SaaS applications. They are also investing in creating cloud-only users on Azure AD for specific scenarios.
They are looking to purchase a service desk system as a SaaS application. They are asking for a way to sync AD users from our side.
They suggested to deploy a sync server on-premise to connect to the local AD and sync users from there.
I was thinking, why not have the SaaS application sync from Azure AD directly, so that they can sync those cloud identities that do not exist on the local AD?
Also, as the number of SaaS applications increases, each one of those wants to deploy a sync server on premise to sync users from the local AD.
It would be great if Azure AD would expose an easy way to sync identities directly to those SaaS applications. I know there is the Microsoft Graph, but most SaaS applications do not yet support a sync mechanism by connecting to the Microsoft Graph.
Any thoughts here? Just want to see if anyone has a similar scenario.