First published on CloudBlogs on Nov, 04 2014
With IT departments enabling users to work anywhere on any device, identity management becomes a very critical component of an organization’s enterprise mobility strategy. It is important to allow your users access to the data they need, but to be able to manage and monitor that access. A user’s apps, devices, data, and identity need to be bound together to allow IT insight around their corporate resources.
Having insight is only useful however, if operating your IT solutions is a simple process. Using a hybrid identity approach allows you to manage your on premise and cloud users on the same console and with the same processes. The integration of on premise identity with cloud identity is vital to a mobile enterprise.
The Hybrid Identity Vision
There are several key elements of Microsoft’s Hybrid Identity strategy:
Allow customers to create and manage a single identity for each user across all on premises directories, keeping attributes in sync and providing self-service and single sign-on for users.
with Windows Server Active Directory Federation Services to maintain all authentication against a datacenter-based directory.
Utilize Azure Connect to set up synchronization between on premises and cloud directories (including write back to on premises).
Provide single sign-on access to hundreds of cloud-based SaaS applications.
Enforce strong authentication to sensitive applications and information with conditional access policies and multi-factor authentication.
Keep users productive with self-service password reset and group management for both datacenter and cloud-based directories.
Self-Service Capabilities Lead to Higher Productivity
Let’s zero in on some of the self-service capabilities of Microsoft’s Hybrid Identity vision. The Azure Active Directory self-service access panel lets employees manage themselves. IT can provide end users with entry to the access panel. Then when users login, they are automatically signed in to all of their applications. They no longer have to remember all the different log on combinations they created, as their on premise identity can be used to access all their cloud identities. For many organizations, when employees forget or need to change their on premise password they call the IT department. These helpdesk calls often have hard costs for an organization’s IT department. The Azure access panel features a password reset function that will securely change the user’s password. If the organization has enabled write back from Azure Active Directory this password change will be written back to the on premises directory.
Password reset isn’t the only self service capability within the access panel. Employees can also add and remove themselves from groups. Imagine when an employee moves from HR to marketing. They now need access to a completely different set of applications to properly do their job. Azure Active Directory Premium makes this simple. All the employee has to do is enter the group management section of the access panel and add themselves to the new group. Once the group admin approves the request, they will automatically have access to all of the applications provisioned for that group.
Not only do these services empower your employees, it also removes hassles from the IT perspective. Password resets are a time consuming and costly expense for businesses. When you use a service that has top of the line identity management, your business will reap the benefits.
Enterprise Mobility Suite
Our Hybrid Identity solutions can be purchased most cost effectively as part of the Enterprise Mobility Suite (EMS). EMS also contains solutions for Mobile Device and App Management (via Microsoft Intune) and Information protection (via Microsoft Azure Rights Management Service).
Learn more about the Enterprise Mobility Suite
Try Enterprise Mobility Suite
Try Azure Active Directory Premium