12. Identity: Cloud, Sync or Federated?
Cloud identity provides a solution where all identity resides in the cloud
Federated identity allows customers to retain all authentication on-premises
Identity sync enables customers to bridge their existing identity into the cloud
17. Enriched user experience through a single, verified identity
Unified across cloud and on-premises with single sign-on
Integrated identity solution reduces risk across the business
Reduced IT burden of creating and managing multiple identities
Editor's notes
On the previous slide we saw three components:
Devices
Lock down of apps
Lock down of files
Identity is the core component. The goal is one identity that controls access to devices, apps and files.
In this scenario that identity is Active Directory (AD).
With federated Active Directory, or with directory sync to Azure AD, we achieve single sign-on (SSO): the user is not asked to key in a password again.
If a staff member forgets their password, they go to the portal and perform a self-service password reset, which reduces the burden on IT staff.
With one identity the user can access multiple corporate SaaS applications.
When accessing an app, the most common scenario is username and password. To strengthen this, you can enable an additional factor, multi-factor authentication (MFA).
Technology is supposed to assist people, not create a burden that stops people from using it.
Now let us walk through a scenario:
Jane, a busy staff member, has multiple apps she needs to access.
One app, one identity.
What happens when it is 30 apps, with 30 usernames and passwords she needs to remember?
Sooner or later she will forget a password.
If you are IT, how do you solve this?
Look at your own environment: is Active Directory on-premises?
If yes, start by syncing usernames and password hashes to Azure Active Directory. The plaintext password is never sent: the existing on-premises password hash is salted and re-hashed before it is synchronized, so the cloud copy is not the on-premises hash itself.
Once synced to AAD, users sign in with exactly the same username and password as on-premises, and that identity is linked to multiple SaaS applications.
When a new app is introduced, you do not need to create a new username and password.
By syncing to AAD you have one common identity across all the apps and achieve single sign-on (no need to key in the password again).
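An added example (not Azure AD Connect's own code) of what "the password is hashed and protected, then re-hashed" means in practice. It simulates one sync cycle and one cloud sign-in. Assumptions: `sha256(password)` stands in for the NT (MD4) hash that on-premises AD actually stores, since hashlib has no portable MD4; the salt length and iteration count are illustrative; the user record and password are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example; not Azure AD Connect's code. It shows that the password itself
# is never synchronised: what leaves the on-premises directory is a salted,
# iterated re-hash of the hash that AD already holds.
# Assumption: sha256(password) stands in for the NT (MD4) hash in AD.

ITERATIONS = 1000   # assumption for the example
SALT_LEN = 10       # assumption for the example


def on_prem_hash(password: str) -> bytes:
    """Stand-in for the hash held in on-premises AD (assumption: sha256, not MD4)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def protect_for_sync(orig_hash: bytes, salt: Optional[bytes] = None,
                     iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Value that is actually sent to the cloud: PBKDF2-HMAC-SHA256 over the
    on-prem *hash* with a fresh per-user salt. Returns (salt, derived)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    derived = hashlib.pbkdf2_hmac("sha256", orig_hash, salt, iterations, dklen=32)
    return salt, derived


def cloud_verify(password: str, salt: bytes, stored: bytes,
                 iterations: int = ITERATIONS) -> bool:
    """Cloud-side check at sign-in: the user presents the password, the cloud
    recomputes the same chain and compares in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", on_prem_hash(password), salt,
                                    iterations, dklen=32)
    return hmac.compare_digest(candidate, stored)


def sync_user(username: str, password: str, salt: Optional[bytes] = None) -> dict:
    """Simulate one sync cycle for a user; the dict is what the cloud stores."""
    salt, derived = protect_for_sync(on_prem_hash(password), salt)
    return {"user": username, "salt": salt, "hash": derived}


if __name__ == "__main__":
    record = sync_user("jane", "Pa55w.rd")          # constructed sample user
    print(record["user"], record["hash"].hex())
    print("correct password:", cloud_verify("Pa55w.rd", record["salt"], record["hash"]))
    print("wrong password:  ", cloud_verify("pa55w.rd", record["salt"], record["hash"]))
```

Because the cloud stores a derived value rather than the on-premises hash, the synchronized record cannot be replayed against the on-premises domain, and two users with the same password end up with different cloud values thanks to the per-user salt.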
That's not all: if our user forgets a password (and that has happened), she doesn't need to call the helpdesk; there is a self-service password reset facility, and IT can carry on.
To find out which SaaS apps are actually in use, you can use Azure AD Cloud App Discovery to detect them.
Let's say our user travels a lot and has been known to lose a device or two. Our IT pro has the peace of mind of knowing that the hybrid identity solution will spot anomalies in user behaviour: even a frequent traveller is unlikely to be accessing her expense account from New York at 9am and Bangkok at 10am.
Central console to manage user accounts and groups
Configuration
Set up MFA
Change page branding
SaaS app assignment
Once Azure AD Premium is activated, the system monitors, learns and detects abnormal behaviour.
Scenario: two sign-ins from locations the same user could not physically have reached in the time between them (impossible travel).
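An added example of the impossible-travel check described above, written here as illustration and not Azure AD's own detection logic. It takes geolocated sign-in records (the four records below are constructed, with Jane's pair reproducing the New York 9am / Bangkok 10am case), computes the great-circle distance between consecutive sign-ins for each user, and flags any pair whose implied speed exceeds a plausible ceiling. The 1000 km/h ceiling and the record format are assumptions.

```python
import math
from datetime import datetime, timezone
from typing import Dict, List

# Added example; not Azure AD's own detection. Constructed sign-in records that
# stand in for the sign-in log: user, UTC timestamp, and the geolocation of the
# source IP. Jane's pair reproduces the New York 9am / Bangkok 10am case.
SIGN_INS: List[Dict] = [
    {"user": "jane", "time": "2015-03-02T09:00:00Z", "city": "New York", "lat": 40.7128, "lon": -74.0060},
    {"user": "jane", "time": "2015-03-02T10:00:00Z", "city": "Bangkok",  "lat": 13.7563, "lon": 100.5018},
    {"user": "bob",  "time": "2015-03-02T08:00:00Z", "city": "London",   "lat": 51.5074, "lon": -0.1278},
    {"user": "bob",  "time": "2015-03-02T17:30:00Z", "city": "Paris",    "lat": 48.8566, "lon": 2.3522},
]

# Assumption: no legitimate traveller moves faster than a commercial jet.
MAX_PLAUSIBLE_KMH = 1000.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_utc(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(events: List[Dict], max_kmh: float = MAX_PLAUSIBLE_KMH) -> List[Dict]:
    """Flag consecutive sign-ins by the same user whose implied speed exceeds max_kmh."""
    by_user: Dict[str, List[Dict]] = {}
    for ev in sorted(events, key=lambda e: parse_utc(e["time"])):
        by_user.setdefault(ev["user"], []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (parse_utc(cur["time"]) - parse_utc(prev["time"])).total_seconds() / 3600
            if km == 0:
                continue                      # same place: nothing to explain
            # Zero elapsed time with a non-zero distance is the extreme case
            # (two places at once): treat the speed as infinite, not a division error.
            speed = km / hours if hours > 0 else math.inf
            if speed > max_kmh:
                alerts.append({"user": user, "from": prev["city"], "to": cur["city"],
                               "km": round(km), "hours": round(hours, 2),
                               "kmh": round(speed) if math.isfinite(speed) else speed})
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(SIGN_INS):
        print(f"{a['user']}: {a['from']} -> {a['to']}, {a['km']} km in {a['hours']} h ({a['kmh']} km/h)")
```

Run stand-alone it reports only Jane: roughly 13,900 km in one hour. Bob's London-to-Paris pair, about 340 km in nine and a half hours, is ordinary travel and is not flagged. A production version would also account for shared VPN or proxy egress points, which can make a genuinely stationary user appear to jump between cities.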
Authentication, first level: username and password
Second level: MFA, using one of
An app code (authenticator app)
A phone call
An SMS
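An added example of how the "app code" option works, written here as illustration and not Microsoft's authenticator implementation: a generic RFC 4226/6238 one-time-password generator with a server-side verifier that tolerates one step of clock drift and refuses to accept a code twice. The shared secret is the RFC 6238 test secret, so the values it produces can be checked against the RFC's published vectors; the step size, digit count and drift window are assumptions.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

# Added example, not Microsoft's authenticator code: a generic RFC 4226/6238
# app-code generator and verifier of the kind the "app code" option relies on.
# The shared secret is the RFC 6238 test secret ("12345678901234567890").
RFC6238_SECRET = b"12345678901234567890"
STEP = 30      # seconds per code (assumption; the common default)
DIGITS = 6     # assumption; the common default


def secret_from_base32(s: str) -> bytes:
    """Authenticator apps are usually provisioned with a base32 secret."""
    s = s.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Time-based code (RFC 6238): HOTP over the current time-step number."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Server side. Accepts +/- `window` steps of clock drift, and never accepts
    a step at or before the last one used, so a sniffed code cannot be replayed
    inside its validity period."""

    def __init__(self, secret: bytes, window: int = 1, step: int = STEP, digits: int = DIGITS):
        self.secret, self.window, self.step, self.digits = secret, window, step, digits
        self.last_counter: Optional[int] = None

    def verify(self, code: str, at: int) -> bool:
        now = at // self.step
        for drift in range(-self.window, self.window + 1):
            counter = now + drift
            if self.last_counter is not None and counter <= self.last_counter:
                continue                                   # already consumed
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print(totp(RFC6238_SECRET, 59))                                   # 287082
    v = TotpVerifier(RFC6238_SECRET)
    code = totp(RFC6238_SECRET, 1111111109)
    print(v.verify(code, 1111111109))                                  # True
    print(v.verify(code, 1111111109))                                  # False: replay
```

The replay check matters because a six-digit code is valid for the whole 30-second step (plus the drift window): without remembering the last accepted step, an attacker who shoulder-surfs or phishes the code can use it moments after the user does.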
So, in summary – Hybrid Identity as part of the Microsoft solution for Enabling Enterprise Mobility puts your user at the center of the solution and gives IT an integrated identity management solution that reduces risk across the business.