0 Votes
HannaH021-9125 asked RakeshJagatap-4451 commented

SSO Authentication

Hi All

I'm designing a solution that has a PaaS management service, which receives data from linux/windows VM servers in Azure. These servers are domain joined using ADDS. I don't have ADFS in the mix, and ADDS and Azure AD are not federated.

The ask: I'd like my users to have the same identity (username and password) as that in the ADDS.

What would be the most appropriate way to authenticate users against the PaaS management service? Using Azure AD and then establish federation with ADDS?

Any better thoughts?

Thanks

azure-active-directory adfs

Hi, if any of the posted answers resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·
0 Votes
Justaone555 answered

Hey,

I would like to clarify that I understood you correctly.
You have an on-premises AD which has all your users and the servers which are deployed in Azure,
and you would like the users from the on-premises to authenticate to Azure AD with the same credentials, and have access to the PaaS service?


0 Votes
HannaH021-9125 answered Justaone555 commented

@Justaone555, thanks

We have Active Directory Domain Services installed on a server within the Azure network... this allows our users to connect to VMs using domain accounts.

We want to allow our users to use the same credentials for the PaaS service on the internet.

I think we have two options:
1. Either we have an ADFS service that authenticates users using their domain credentials, and configure the PaaS service to use that ADFS server.
2. We establish federation between Azure AD and ADDS and allow them to authenticate against the Azure AD service.

Are there any other options? Or are these options not valid? Or is there a preference?

Thanks


Well, the usual approach to such deployments, I think, is creating a service principal, which is basically an account for the application so it can connect to the Azure AD and get all the info in order to process authentication during a sign-in. (Here's a link about that: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals).

But that will require creating a service principal within Azure AD, and syncing users.
So in order to save time and effort, I think I would go with option number 1.

1 Vote 1 ·