Hybrid Identity with Azure Active Directory


Businesses are now challenged to deal with increased workforce mobility and the rise of new technology avenues in the market for serving customers and partners. The prime goal for any business is to protect its assets (digital and physical) while making them securely accessible to customers, partners, vendors and employees. Identity and Access Management (IAM) has been a strong security pillar over the years, providing these safeguards. Now, new IAM architecture concepts are rapidly evolving. One such concept is “Hybrid Identity”.

Implementing an IAM strategy has always proven to be a business function that must be well planned, tested and executed. As cloud environments grow, many businesses are moving their applications to the cloud and making them accessible to a wider audience, which brings in concepts like Single Sign-On (SSO), Multi-Factor Authentication (MFA), Self-Service Password Management, Device Management and so on. The goal is not only to provide low-latency, secure authentication capabilities to the applications, but also to provide a rich user experience.

I noticed that the infrastructure hosting directory servers and their integrations is well hardened, and any change to the existing infrastructure requires a lot of change approvals and reviews. With this, any modernization plan for the current IAM infrastructure becomes a time-consuming activity. On the other hand, Cloud Identity is rapidly growing, giving businesses the right set of interfaces and integrations to manage all their identity needs without the overhead of managing the directory infrastructure. Everything (identity, authentication, authorization, auditing and access management) happens in the cloud. Being a pay-as-you-go solution, Cloud Identity is well adopted among startups and digital service businesses.

The majority of medium and large enterprises still tend to develop applications that depend on federated on-prem authentication. Hosting applications in the cloud while sending authentication requests back and forth to on-prem directories is not a good idea for scalability. So, “Hybrid Identity” emerged.

The concept of Hybrid Identity originated years back, with cloud providers offering hybrid identity capabilities to customers on their cloud-hosted identity directories. With Hybrid Identity, businesses have full control over identity management and can carry out authentication and authorization functions either on-prem or in the cloud, depending on their application requirements. Hybrid Identity also promoted a new concept called “Bring Your Own Identity” (BYOI): your application starts accepting identities from trusted third parties. Here is an example of a Cisco application for customers and partners accepting identities from trusted third parties.

[Image: Cisco customer and partner application accepting identities from trusted third parties]

Microsoft Azure AD is Microsoft's offering for Cloud and Hybrid Identity solutions. There are three deployment models for Hybrid Identity:

[Three images: the Azure AD Hybrid Identity deployment models]

SANDEEP KUMAR SEERAM 

email: seerams@acm.org 
