Explain the concept of hybrid identities
This section describes the hybrid identity model, how it differs from cloud-only identities, and the authentication methods that can be used with it.
Organizations can use either a hybrid or a cloud-only identity approach. In the hybrid model, identities are created in Windows Active Directory (or another identity provider) and then synchronized to Azure AD. In the cloud-only model, identities are created directly in Azure AD.
A user who accesses both on-premises and cloud applications is a hybrid user: the account lives in the on-premises Active Directory, and every change to users, groups, and contacts in the on-premises AD DS is synchronized to Azure AD. In the hybrid model, authentication can be handled in two ways:
- Firstly, managed authentication: Azure AD validates the credentials itself.
- Secondly, federated authentication: Azure AD redirects the client requesting authentication to another trusted identity provider.
Authentication Methods
Three authentication methods are:
- Firstly, Password hash synchronization (PHS). The simplest way to enable authentication for on-premises directory objects in Azure AD: users sign in with the same username and password they use on-premises, and no additional infrastructure is required.
- Secondly, Pass-through authentication (PTA). Provides simple password validation for Azure AD authentication services through a software agent that runs on one or more on-premises servers. The agents validate users directly against the on-premises Active Directory, so password validation never happens in the cloud.
- Lastly, Federated authentication. Azure AD hands the authentication process off to a separate trusted authentication system, such as on-premises Active Directory Federation Services (AD FS), to validate the user's password.
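As an added example (not from the referenced documentation), the following Microsoft Graph PowerShell script inventories which of the models above a tenant actually uses: whether it is hybrid or cloud-only, whether each verified domain is managed or federated, and which user accounts are synchronized versus created in the cloud. It assumes the Microsoft.Graph modules are installed and that the signed-in account can read organization, domain, and user data.

```powershell
# Added example: inventory a tenant's identity model with Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph modules are installed and the account has directory read rights.
Connect-MgGraph -Scopes "Organization.Read.All", "Domain.Read.All", "User.Read.All"

# 1. Hybrid or cloud-only? A tenant that receives objects from Azure AD Connect
#    reports on-premises synchronization as enabled on the organization object.
$org = Get-MgOrganization
if ($org.OnPremisesSyncEnabled) {
    "Identity model: HYBRID (last sync from on-premises: $($org.OnPremisesLastSyncDateTime))"
} else {
    "Identity model: CLOUD-ONLY (no directory synchronization configured)"
}

# 2. Per-domain authentication. 'Managed' means Azure AD validates the password itself
#    (password hash sync or pass-through authentication); 'Federated' means Azure AD
#    redirects the sign-in to an external identity provider such as AD FS.
#    Caveat: PHS and PTA both appear as 'Managed'; which one is active is configured
#    in Azure AD Connect, not visible on the domain object.
Get-MgDomain -All |
    Where-Object { $_.IsVerified } |
    ForEach-Object { "{0,-40} {1}" -f $_.Id, $_.AuthenticationType }

# 3. Which users are hybrid (synchronized from AD DS) and which are cloud-only.
#    OnPremisesSyncEnabled is $true for synced objects and empty for cloud-created ones.
$users     = Get-MgUser -All -Property Id, UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId
$synced    = @($users | Where-Object { $_.OnPremisesSyncEnabled -eq $true })
$cloudOnly = @($users | Where-Object { -not $_.OnPremisesSyncEnabled })
"Synced (hybrid) users: $($synced.Count)   Cloud-only users: $($cloudOnly.Count)"

# In a hybrid tenant, cloud-only accounts bypass the on-premises lifecycle
# (joiner/leaver) process that governs synced identities, so list them for review.
if ($org.OnPremisesSyncEnabled -and $cloudOnly.Count -gt 0) {
    $cloudOnly | Sort-Object UserPrincipalName | Select-Object UserPrincipalName
}
```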
Reference: Microsoft Documentation