Four Ways to Leverage Your Existing Infrastructure for Office 365 Authentication

By - June 29, 2017

When it comes to having a successful Microsoft Office 365 deployment, it is important to keep the end user’s experience in mind. For this reason, we need to keep Office 365 authentication as familiar and seamless as possible. In this article, I will cover four ways you can leverage your existing Active Directory infrastructure for Office 365 authentication.

Third-Party Identity Management Tools

There are various third-party identity management tools that can be used to extend your Active Directory structure into Office 365. One such tool is Okta. Okta is simple to set up and free for a single application. From the Okta portal, managers can control user access to sites such as Exchange Online, Salesforce and many others. This level of control and flexibility are the main selling points for third-party identity management tools.

You can learn more about Okta here.

Active Directory Federation Services

Active Directory Federation Services (ADFS) has been around since the early 2000s, and has been the go-to option for organizations needing to secure external resources such as Office 365 with their existing Active Directory infrastructure. In the case of Office 365, ADFS servers would be added to your existing infrastructure and configured to authenticate your users to Office 365. ADFS can be configured to give or deny access to users based on the device they are on, what groups they are in, or where they are trying to connect from. This level of control is the main reason organizations choose ADFS for Office 365 authentication.

You can learn more about Active Directory Federation Services here.

Azure AD Connect with Password Synchronization

Azure AD Connect with password synchronization is the fastest, simplest and cheapest way to use your current Active Directory infrastructure for Office 365 authentication. Azure AD Connect is a tool provided by Microsoft that synchronizes your existing users and their passwords to Office 365, essentially making a copy of your users in Office 365. This gives your users a fairly simple method of authentication while retaining a username and password with which they are already familiar. Azure AD Connect does not provide all of the auditing and controls that ADFS brings to the table, so be sure you understand your organization’s requirements in these areas before moving forward with just Azure AD Connect.

Azure AD Connect with Single Sign-On and Pass-Through Authentication

Microsoft recently added single sign-on and pass-through authentication to the Azure AD Connect authentication options. Single sign-on allows Azure AD Connect to give you a user authentication experience comparable to ADFS, which means fewer password prompts for your end users. Pass-through authentication removes the need to sync passwords from your existing infrastructure to Office 365. Instead, when a user tries logging into Office 365, Office 365 communicates directly to your local Active Directory infrastructure to authenticate the user. When you put these two features together, you get a user experience that is very comparable to ADFS, without having to go through any complicated setup process. The single sign-on and pass-through authentication features have been in preview since early this year, so they should be fully supported by Microsoft in the next month or two.

You can learn more about Azure AD Connect and its authentication options here.

When choosing an authentication solution, remember to keep your security policies in mind. Use these policies as a guide to decide which solution best meets your requirements. Also, be sure you consider user experience when making decisions on authentication solutions for Office 365.

To learn more about RSM’s consulting services and managed IT services offerings, please visit our website. You can also contact RSM’s technology and management consulting professionals at 800.274.3978 or email us.



Receive Posts by Email

Subscribe and receive notifications of new posts by email.