Serverless360 provides Azure AD based authentication for an organization's users. This document is intended for organizations that manage their users in on-premises directories. To use Serverless360, it is necessary to integrate your on-premises directories with Azure AD using Azure AD Connect and to configure Serverless360 with the Azure AD details.
Why does Serverless360 use Azure AD based authentication?
Using Azure AD based authentication in Serverless360 has the following advantages:
- Simplified authentication solution
- Reliable Identity as a service from Microsoft Azure
- Supports industry-standard protocols, which assures security
- Single sign-on to Serverless360 and other Microsoft applications
- Hassle-free user management: a user removed from the organization's Active Directory automatically loses access to Serverless360
Why should I integrate on-premises directories with Azure AD?
- Integrating on-premises directories with Azure AD makes the users in the organization more productive by providing a common identity for accessing both cloud and on-premises resources.
- Organizations can provide users with a common hybrid identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Azure Active Directory.
- Administrators can provide conditional access based on application resource, device and user identity, network location, and multifactor authentication.
- Users can leverage their common identity through accounts in Azure AD to Office 365, Intune, SaaS applications and third-party applications.
- Developers can build the applications that leverage a common identity model, integrating applications into Active Directory on-premises or Azure for cloud-based applications.
Why should I use Azure AD Connect?
- Azure AD Connect makes this integration easy and simplifies the management of your on-premises and cloud identity infrastructure.
- Azure AD Connect replaces older identity integration tools such as DirSync and Azure AD Sync. For more information on the available tools and how they compare, read this Hybrid Identity directory integration tools comparison.
- Azure AD Connect is now the only directory synchronization tool supported by Microsoft, as DirSync and AAD Sync are deprecated and supported only until April 13, 2017.
How do I integrate using Azure AD Connect?
- Prerequisites – Before starting the Azure AD Connect installation, make sure that you:
  - are on the server that will handle the synchronization (Supported OS versions: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016)
  - Find the documentation with exhaustive information on prerequisites
  - have downloaded Azure AD Connect from Microsoft Download Centre
  - have a verified domain in Azure Active Directory; in case of a non-routable domain (such as a .local domain), prepare the domain for directory synchronization as specified here
- Install Azure AD Connect
  - Choose the most appropriate mode of installation based on your scenario
    - Used when you have an existing DirSync server already running
    - When there are different methods depending on your preference
    - Upgrade from Azure AD Sync or Azure AD Connect
- Verify integration and add Sync Admins
  - By default, only the user who did the installation and local admins can manage the installed sync engine.
  - Verify the scheduled synchronization task
  - You can refer to this guide for post-installation procedures
- More on Azure AD Connect
  - You may also want to prepare for operational concerns, if any. You might want to have a standby server so that you can easily fail over if there is a disaster. If you plan to make frequent configuration changes, then you should plan for a staging mode server.
  - Refer to this link to explore more about Azure AD Connect
- On completion of syncing on-premises directories with Azure AD, continue with configuring Serverless360 with Azure AD.
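
The two verification steps above (who can manage the sync engine, and whether the scheduled synchronization runs), as an added PowerShell example that is not part of the Serverless360 documentation. A stalled scheduler matters because a user removed on-premises keeps access until the next sync. It relies on the `Get-ADSyncScheduler` cmdlet and the local `ADSyncAdmins` group that Azure AD Connect installs; the `Get-SyncFinding` function, the allow-list and the `CONTOSO` account names are hypothetical.

```powershell
# Added example: post-installation checks on an Azure AD Connect server.
# Assumption: run elevated on the sync server with PowerShell 5.1 or later.

function Get-SyncFinding {
    param(
        [Parameter(Mandatory)] $Scheduler,   # object returned by Get-ADSyncScheduler
        [string[]] $SyncAdmins = @(),        # current members of the ADSyncAdmins group
        [string[]] $ExpectedAdmins = @()     # hypothetical allow-list kept by your team
    )
    $findings = @()
    if (-not $Scheduler.SyncCycleEnabled) {
        $findings += 'Scheduler disabled: no automatic synchronization runs.'
    }
    if ($Scheduler.SchedulerSuspended) {
        $findings += 'Scheduler suspended: sync cycles are on hold.'
    }
    if ($Scheduler.StagingModeEnabled) {
        $findings += 'Staging mode on: this server does not export changes to Azure AD.'
    }
    foreach ($member in $SyncAdmins) {
        if ($ExpectedAdmins -notcontains $member) {
            $findings += "Unexpected ADSyncAdmins member: $member"
        }
    }
    return $findings
}

if (Get-Command Get-ADSyncScheduler -ErrorAction SilentlyContinue) {
    # Live data from the sync server.
    $scheduler = Get-ADSyncScheduler
    $admins    = (Get-LocalGroupMember -Group 'ADSyncAdmins').Name
} else {
    # Constructed sample values so the checks can be read and run elsewhere.
    $scheduler = [pscustomobject]@{
        SyncCycleEnabled   = $false
        SchedulerSuspended = $false
        StagingModeEnabled = $true
    }
    $admins = @('CONTOSO\installer', 'CONTOSO\helpdesk01')
}

# 'CONTOSO\installer' is a placeholder for the account that ran the installation.
Get-SyncFinding -Scheduler $scheduler -SyncAdmins $admins -ExpectedAdmins @('CONTOSO\installer')
```

An empty result means the scheduler is enabled, not suspended, not in staging mode, and the group holds only the accounts you expect.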