Azure Active Directory

As we move to a more cloud-orientated world, CTOs and IT architects are going to need to put some careful thought into the management of user identities. They need to ensure systems remain secure, and that users remain productive, so I think it’s time they considered Azure Active Directory as part of their Identity Management Strategy.

Let’s look at what happens if identities are not managed properly:

  • The organisation engages with cloud SaaS offerings and each user gets a login for each service

  • Users use personal accounts (Facebook, LinkedIn, Microsoft) to interact with cloud services

What are the problems with that?

  • Corporate policies such as strong passwords, password expiration, and multi-factor authentication are not adhered to

  • Users have a lot of passwords to remember so they forget them or write them down

  • Users spend considerable time logging in, retrieving lost passwords, etc.

  • There is no easy way to see who has access to what

  • When people leave it is hard to ensure that they no longer have access to anything

  • The organisation may continue to pay subscriptions for users that have left

So when it comes to identity management there are two basic principles to follow:

  • There should be a low number of identity stores (I’m talking logically here – physical replication for performance or other reasons is fine, as are separate stores for internal and external users)

  • For internal users at least, the identity stores should be under the control of the organisation

For external users an identity store provided by a third party may be acceptable – for example allowing users to access secure web site content using their Facebook account. It depends on the scenario.

For every organisation that we work with, the primary identity store is Active Directory. Synchronising this to Azure Active Directory in a safe and secure way is an important first step towards identity management in a modern world, as it allows the same identities to be used across on-premises and cloud-based systems. More on that in a future post.

For more help and advice about identity management within your organisation, please contact us.
