Identity considerations Cloud Sync or Federated Saa S

Identity considerations: Cloud, Sync or Federated? Saa. S Apps Active Directory Resources in other businesses or identity realms Cloud identity provides a solution where all identity resides in the cloud Identity sync enables customers to bridge their existing identity into the cloud Federated identity allows customers to retain all authentication on-premises Active Directory B 2 B federated identity allows customers to securely share and collaborate with each other

Common Identity with Sync and Federation Synchronization Active Directory *Write back of attributes to support cloud first and co-existence Identity Sync with password hash sync User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory Federation Identity Sync Active Directory AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication AD FS User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory *Coming Soon

Monitor and protect access to enterprise apps alerts

Self-service experiences in the cloud Users can manage access requests through self-service group management Users can edit their profile details to update and add missing information Saa. S Apps Active Directory Users can easily access the Saa. S apps they need, using their existing Active Directory credentials. Self Service Password change and reset for cloud users Leverage existing investments in Active Directory for a single set of user credentials Active Directory

Selection of pre-integrated Saa. S apps

Example Workload: Single sign-on to 1500+ Saa. S Apps Directory Sync When an Active Directory user logs on, their synchronized credentials are used to authenticate against Azure Active Directory Sync with password hash sync Saa. S App Active Directory Cloud Identity A user with a cloud only identity can sign in to the Saa. S app using their Azure Active Directory credentials Sync without password hash sync Active Directory Federation Services Federated Identity When an Active Directory user logs on, the authentication is passed back and validated against Windows Server Active Directory