Enterprise Security Package (ESP) provides Active Directory integration for Azure HDInsight. This integration allows domain users to use their domain credentials to authenticate with HDInsight clusters and run big data jobs.
HDInsight ID Broker (HIB) provides single sign on with Azure Active Directory with modern OAuth authentication to Apache Ambari while having multifactor authentication enforcement. HDInsight ID Broker provides the authentication infrastructure that enables protocol transition from OAuth (modern) to Kerberos (legacy) without needing to sync password hashes to Azure AD DS. This infrastructure consists of components running on a Windows Server virtual machine (VM) with the HDInsight ID Broker node enabled, along with cluster gateway nodes.
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
Use the following table to determine the best authentication option based on your organization's needs.
Use Case: Customer can choose the Authentication option from above table. In this example we will focus on how to enable multifactor Authentication for the HDInsight cloud users and to Access Ambari with MFA.