0 Votes
JordanLance-9475 asked shashishailaj edited

Azure AD Domain Services Setup

Hi, we have recently been migrated to Microsoft 365 and are taking a cloud-first approach and so have an active Azure AD setup as part of our Microsoft Business Premium licenses.

The problem we will face soon is that we do not use any LDAP/Azure Domain Services for SSO capabilities and so accounts for Slack, VPN etc. are all licensed locally with each respective application. This poses a future problem with the administration of hundreds, if not thousands of accounts across multiple applications instead of managing them via Azure AD Domain Services.

My question is, how do we go about setting up Azure AD Domain Services when we already have a live and used Azure AD from our M365 licenses?

Any help would be appreciated!

azure-ad-domain-services

@JordanLance-9475, you have mentioned that you do not use any LDAP/Azure Domain Services for SSO capabilities. Do you have any application that depends on LDAP for authentication, or on any legacy auth methods like Kerberos/NTLM authentication, in your on-premise setup? Azure AD Domain Services setup is something that's recommended for cloud-first organizations where your LOB applications do not support modern authentication protocols like OAuth/OpenID Connect and rely on older protocols generally used in on-prem Active Directory scenarios. If you do not have any such application, you may not need Azure AD Domain Services. But we can discuss more once you provide information on the kind of applications you are trying to migrate to Azure and whether all your users are going to work remotely in future or they will work from a designated physical office location.

1 Vote 1 ·

@shashishailaj

Hi, thanks for the message back.

In terms of applications, most of our apps are already cloud-based and we just want to link them to be able to log in using SSO.

The main ones are things like NetExtender VPN from our Sonicwall Firewall, Eploy Applicant Tracking, Autodesk, Adobe, CMAP etc.

In addition, users will be working from home and in office locations across the UK.

Thanks for your help!

0 Votes 0 ·

@JordanLance-9475,
As far as I know Autodesk and Adobe are standalone apps and download the license directly from the web these days, so they should not be a problem, but I would suggest you check with their enterprise support teams to be sure. The rest I am not sure about. If your NetExtender VPN can only use Active Directory to verify user creds then you may have to set up Azure AD Domain Services, but first test it out to see if it works, because Azure AD Domain Services is not exactly the same as on-prem AD.


1 Vote 1 ·

As @Sam-Cogan has mentioned in the answer, if the application does support SAML/WS-Fed/OIDC then you won't need Azure AD Domain Services. Check with SonicWall support whether the NetExtender VPN component supports OAuth/OpenID Connect/SAML/WS-Fed validation with Azure AD. Then, probably with their help, you can set up SSO with Azure AD. An example for FortiGate SSL VPN is here. And if it does not support SAML then you can set up Azure AD Domain Services and set up the firewall normally. I am not sure how the interface looks, but the process should be similar to any other VPN firewall. Please let me know in case of any further queries. If it was helpful, please do accept the answer.


1 Vote 1 ·

1 Answer

1 Vote
Sam-Cogan answered

If you are just using cloud applications such as Slack etc. that support SAML or OIDC then you do not need AAD DS. AAD DS is only really needed if you need to support legacy applications that require LDAP.
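One way to check the answer's point against your own tenant before deciding on AAD DS is to inventory which enterprise apps already have Azure AD SSO configured. The script below is an added example, not code from the thread or from Microsoft; it assumes the Microsoft.Graph PowerShell module is installed and that the signed-in account can consent to the Application.Read.All scope. It reads the preferredSingleSignOnMode of each application service principal: "saml" and "oidc" mean the app is federated to Azure AD, "password" means credential vaulting rather than real SSO, and an empty value means nothing is configured (or the app is a plain app registration using OIDC, which this property does not record).

```powershell
# Added example (not from the original thread): list enterprise apps in the
# tenant by their Azure AD SSO mode, so you can see which apps already use
# SAML/OIDC and which still need another answer (federation setup, or AAD DS
# only if the app truly requires LDAP/Kerberos).
# Assumes: Microsoft.Graph module installed; account can grant Application.Read.All.

Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome

# servicePrincipalType eq 'Application' keeps apps added to the tenant and
# drops managed identities and legacy SP types.
$apps = Get-MgServicePrincipal -All `
    -Filter "servicePrincipalType eq 'Application'" `
    -Property "displayName,appId,preferredSingleSignOnMode,accountEnabled"

$report = foreach ($sp in $apps) {
    # Empty preferredSingleSignOnMode: no enterprise-app SSO configured. It may
    # still be an OIDC app registration, so treat it as "check manually".
    $mode = if ([string]::IsNullOrEmpty($sp.PreferredSingleSignOnMode)) { "none" } else { $sp.PreferredSingleSignOnMode }

    $category = switch ($mode) {
        "saml"         { "Federated SSO via Azure AD (no AAD DS needed)" }
        "oidc"         { "Federated SSO via Azure AD (no AAD DS needed)" }
        "password"     { "Password vaulting only (ask vendor for SAML/OIDC)" }
        "notSupported" { "Vendor reports no SSO support (candidate for LDAP/AAD DS review)" }
        default        { "Not configured (check app registration or vendor docs)" }
    }

    [pscustomobject]@{
        DisplayName = $sp.DisplayName
        AppId       = $sp.AppId
        Enabled     = $sp.AccountEnabled
        SsoMode     = $mode
        Category    = $category
    }
}

# Summary first, then the full list, sorted so gaps float to the top.
$report | Group-Object Category | Select-Object Count, Name | Format-Table -AutoSize
$report | Sort-Object SsoMode, DisplayName | Format-Table DisplayName, SsoMode, Enabled -AutoSize

Disconnect-MgGraph | Out-Null
```

Anything that lands in the "Not configured" or "Vendor reports no SSO support" buckets is the list to take back to the vendors (for example SonicWall for NetExtender): if they can federate with SAML or OIDC, it belongs in the first bucket and AAD DS is not required for it; only an app that genuinely needs an LDAP bind or Kerberos ticket is a reason to stand up AAD DS.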
