Furthering my learning with Microsoft Azure I thought I would write an article about managing user authentication in a hybrid environment after completing my badge, which you can see here.
In today's rapidly evolving digital landscape, organisations are increasingly shifting their workloads to the cloud. However, many still operate within a hybrid environment, utilising a blend of both on-premises and cloud applications. In such a scenario, it becomes crucial to provide users with seamless access to these diverse applications. This necessitates the implementation of a unified identity system across different platforms.
Microsoft’s suite of identity solutions addresses this need by bridging on-premises and cloud-based functionalities. These solutions facilitate a unified identity that serves as a key for authentication and authorisation, granting access to resources irrespective of their location. This approach is known as hybrid identity.
Achieving hybrid identity involves two key processes: provisioning and synchronisation.
Provisioning in a hybrid environment often involves inter-directory provisioning, which is the process of creating an identity in one directory service system based on the identity from another system. A common instance of this is when a user, already existing in Active Directory, gets provisioned into Microsoft Entra ID.
Synchronisation plays a vital role in ensuring that the identity information of users and groups in the on-premises environment is accurately reflected in the cloud.
One effective method to achieve both inter-directory provisioning and synchronisation is through Microsoft Entra Cloud Sync. This tool is specifically designed to meet the hybrid identity objectives. It facilitates the provisioning and synchronisation of users, groups, and contacts into Microsoft Entra ID. The backbone of this process is the Microsoft Entra cloud provisioning agent.
This agent acts as a connective bridge between Microsoft Entra ID and Active Directory and is lightweight in its operation. Deployment of this agent is required in the organisation’s on-premises or IaaS-hosted environment. All provisioning configurations are stored within Microsoft Entra ID and are managed as an integral part of the service.
The Microsoft Entra Cloud Sync provisioning agent leverages the System for Cross-domain Identity Management (SCIM) specification in conjunction with Microsoft Entra ID. This specification is instrumental in provisioning and deprovisioning users and groups. SCIM is a widely recognised standard for the automated exchange of user or group identity information across different identity domains, such as between Microsoft Entra ID and other systems, solidifying its position as the standard bearer for provisioning in hybrid environments.
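As an added example (not from this article, nor Microsoft's provisioning agent), here is what the SCIM 2.0 provisioning and deprovisioning messages mentioned above look like, applied to a constructed in-memory store that stands in for a target directory's /Users endpoint; every user value in it is made up.

```python
from typing import Any, Dict

# Schema URNs from RFC 7643 (core schema) and RFC 7644 (protocol).
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def build_user(user_name: str, display_name: str, external_id: str) -> Dict[str, Any]:
    """SCIM User resource as a source directory would POST it to /Users.
    externalId carries the source-side anchor so later updates can be correlated."""
    return {
        "schemas": [SCIM_USER],
        "externalId": external_id,
        "userName": user_name,
        "displayName": display_name,
        "active": True,
    }


def deprovision_patch() -> Dict[str, Any]:
    """PATCH body that disables the account: SCIM deprovisioning is normally a
    soft disable (active=false) rather than an immediate DELETE."""
    return {
        "schemas": [SCIM_PATCH],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }


class ScimStore:
    """Constructed in-memory stand-in for a target directory's /Users endpoint."""
    def __init__(self) -> None:
        self.users: Dict[str, Dict[str, Any]] = {}

    def create(self, resource: Dict[str, Any]) -> str:
        if SCIM_USER not in resource.get("schemas", []):
            raise ValueError("400: missing core User schema")
        if any(u["userName"] == resource["userName"] for u in self.users.values()):
            raise ValueError("409: userName must be unique")
        uid = f"user-{len(self.users) + 1}"          # server-assigned id
        self.users[uid] = {**resource, "id": uid}
        return uid

    def patch(self, uid: str, body: Dict[str, Any]) -> Dict[str, Any]:
        if SCIM_PATCH not in body.get("schemas", []):
            raise ValueError("400: body is not a PatchOp")
        target = self.users[uid]                     # KeyError stands in for 404
        for op in body["Operations"]:
            if op["op"].lower() != "replace":
                raise ValueError(f"501: op {op['op']} not supported here")
            target[op["path"]] = op["value"]
        return target
```

A real service provider also enforces the uniqueness and schema checks shown in `create`, which is why provisioning logs tend to surface 409 conflicts when an on-premises attribute is not unique.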
This adaptation of Microsoft’s hybrid identity solutions reflects the commitment to provide a seamless and efficient user experience across diverse IT environments, paving the way for a more integrated and cohesive digital workplace.