@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

@scottalanmiller said in SSO - What Are You Using and Why?:

@Tim_G said in SSO - What Are You Using and Why?:

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

@scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

You just... use it. There's nothing to know. Shut down AD, use Azure AD.

I think he's saying that his on-prem network would then need access to his Azure AD for user/computer authentication.

Well the users just authenticate to it. But since Azure AD comes with your hosted email, it's weird to want old on prem email to authenticate to it, too.

I will be ditching my Exchange 2010 but was wondering how it would be affected by it. So what about about the rest of the on-prem servers that are all AD domain members?

That'll be case by case. What's an example workload?

Filemaker Server, ShoreTel Server, an ERP server, File and Print servers, RDGateway/Terminal Server, vCenter, Spiceworks, PRTG, Veeam

@scottalanmiller said in SSO - What Are You Using and Why?:

@Tim_G said in SSO - What Are You Using and Why?:

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

@scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

You just... use it. There's nothing to know. Shut down AD, use Azure AD.

I think he's saying that his on-prem network would then need access to his Azure AD for user/computer authentication.

Well the users just authenticate to it. But since Azure AD comes with your hosted email, it's weird to want old on prem email to authenticate to it, too.

I will be ditching my Exchange 2010 but was wondering how it would be affected by it. So what about about the rest of the on-prem servers that are all AD domain members?

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

@scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

You just... use it. There's nothing to know. Shut down AD, use Azure AD.

There has to be more to it. Does it migrate the existing AD domain and all the users/computers accounts? What about my on-prem Exchange 2010 server?

@scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

@Tim_G Unfortunately, it won't allow a .local because it isn't a public TLD.

@Tim_G I don't have issues with it, per se, it is a problem with having the .local and using the extra public domain so that it effectively turns the office 365 activation/portal from someone's actual email address, [email protected] to [email protected] but using the same password. People rarely remember the difference when logging in to O365. I can't blame them.

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

How often have you lost Azure AD?

I haven't. I meant Azure in general.

Not the same thing :) Azure is pretty fragile. Azure AD is not.

That is good to know. I should look at to see the design considerations/topology.

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

How often have you lost Azure AD?

I haven't. I meant Azure in general.

@scottalanmiller said in SSO - What Are You Using and Why?:

@wrx7m said in SSO - What Are You Using and Why?:

Currently, I am using AADConnect (formerly dirsync) to sync users' login info for license activation and onedrive. The caveat is that because our local AD domain is .local (inherited this configuration), I had to add a UPN suffix to sync.

True SSO would become more beneficial when moving our mail services to O365.

Have you considered dropping AD and moving to Azure AD instead? Basically flipping it and syncing in, rather than syncing out?

I have not considered that. Although, I am concerned about Azure's past issues with its reliability/availability.

Also, Amazon Vendor Central US and CA versions.