This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 31%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Hi All
I'm designing a solution that has a PaaS management service, which receives data from linux/windows VM servers in Azure. These servers are domain joined using ADDS. I don't have ADFS in the mix, and ADDS and Azure AD are not federated.
The ask: I'd like my users to have the same identity (username and password) as that in the ADDS.
What would be the most appropriate way to authenticate users against the PaaS management service? Using Azure AD and then establish federation with ADDS?
Any better thoughts?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 54%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Hi, if any of the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 35%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hey,
I would like to clarify that i understood you correctly,
You have an on-premises AD which has all your users and the servers which are deployed in Azure.
and you would like the users from the on-premises to authenticate to Azure AD with the same credentials, and have access to the PaaS service?
@Justaone555 , thanks
We have Active directory domain services installed on a server within the Azure network... this allows our users to connect to VMs using domain accounts.
We want to allow our users to use the same credentials for the PaaS service on the internet.
I think we have two options
Are there any other options? Or are these options not valid? Or is there a preference?
Thanks
Well the usual approach to such deployments i think is creating a service principal which is basically an account for the application so it can connect to the Azure AD and get all the info in order to process authentication during a sign-in. (Here's a link about that https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals).
But that will require creating a service principal within Azure AD, and syncing users..
So in order to save time and effort, i think i would go with option number 1.