Integrating Cloud Services in the enterprise network


The use of cloud services is being discussed intensively in many companies. These discussions usually lead to the following questions:

  • Is our data safe in the cloud?
  • Can I get fast access? At any time and from any place in the world?
  • Do cloud services meet the compliance guidelines of the company?

It gets really interesting when the decision is “pro cloud” and the implementation project is about to start. If you need help, you can rely on the experience of our specialists. Feel free to call or to send us a message.

Index

  • Cloud services in general
    • Comparison of cloud variations OnPremise, IaaS, PaaS and SaaS
  • Microsoft Office 365
  • Workplace integration
    • Three-step concept for the integration
      • 1 Directory synchronization
      • 2 MIIS Password Synchronization
      • 3 Single Sign-on SSO
  • Single Sign-On SSO
  • Conclusion

Cloud services in general

Cloud services are a complex issue. There are many providers whose offers differ only in details. Based on the project experience already gathered, the experts of FirstAttribute focus on the Microsoft cloud solutions.

Microsoft cloud solutions can be

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service) and
  • SaaS (Software as a Service).

It is a mix of public cloud and private cloud services. Microsoft calls its public cloud service MS Online (Microsoft Online), or MS-O for short; the private cloud is called On-Premises, or OnPrem for short.

On the way from OnPremises to a SaaS solution, responsibilities also move from the local IT to the cloud service provider. The picture below shows how the responsibilities for each cloud solution are balanced between the local IT and the cloud service provider.

Comparison of cloud variations OnPremise, IaaS, PaaS and SaaS

Cloud Computing with Microsoft – Examples:

Variant      Example
OnPremises   Servers and applications are in your own data center
IaaS         Microsoft Azure: servers in the cloud data center, the operating system remains your own responsibility
PaaS         Microsoft Azure SQL Server in the cloud data center
SaaS         Office 365: Exchange, SharePoint and Lync are in the cloud

Microsoft Office 365

Microsoft Office 365 is a SaaS (Software as a Service) solution from Microsoft.
Office 365 comes in three versions:

  • Office 365 Small Business Premium
  • Office 365 Midsize Business
  • Office 365 Enterprise

The characteristics of each version can be found on the Microsoft website: https://office.microsoft.com/en-us/business/

Basically, the following components are offered:

  • Exchange Online (EXO)
  • SharePoint Online (SPO)
  • Lync Online (LYO)
  • Office Online (Word, Excel, PowerPoint, Outlook, Access)

Technically, Microsoft provides a Microsoft Azure Active Directory domain in a so-called cloud tenant (client). This domain is the basis for an Exchange organization and for the provision of other services such as SharePoint. The Office programs (Word, Excel etc.) are streamed via App-V directly to the end devices.

Workplace integration

The main questions here are:

  • How do cloud services fit into the existing environment?
  • What does the daily business look like for the user?
  • How does the end user access the cloud services?
  • Is it all transparent and understandable to the user?

Three-step concept for the integration

1 Directory synchronization

Establish a directory synchronization between the OnPremises AD domain in your own data center and the Microsoft Azure Active Directory domain, based on MIIS (Microsoft Identity Integration Server). This lets you access the cloud tenant with the regular user name. However, you are now accessing a different domain (Azure AD), and with a different password.

2 MIIS Password Synchronization

Establish MIIS Password Synchronization. The directory synchronization with the Microsoft Identity Integration Server enables the transmission of passwords to the Microsoft Azure Active Directory domain. Thus, users can sign in with the same user name and password both OnPremises and in the cloud, but still on two different domains.

3 Single Sign-on SSO

Establish single sign-on (SSO). A STS (security token service) is required, which is set up with an ADFS trust (Active Directory Federation Services) between the Microsoft Azure Active Directory domain and the OnPremises AD domain. This allows direct access to cloud services without a further logon. The SSO solution is the best solution for the user, but also the most complex.

For this reason we want to go into a bit more detail in the next chapter.

Single Sign-On SSO

The implementation of SSO requires a Windows domain at functional level 2003 R2, 2008, 2008 R2 or 2012. You can install the ADFS service either as ADFS 2.0 on Windows Server 2008 R2 or as the ADFS role on Windows Server 2012. If users want to log on to the cloud using SSO from outside the intranet, an AD FS 2.0 proxy server in the DMZ is necessary. The cloud login page passes the authentication on to the ADFS proxy, which forwards it to the ADFS server and the OnPremises domain.
The routing works if the user logs on using their UPN (UserPrincipalName), e.g. username@company.com. In addition, the DNS suffix of the UPN must be a publicly registered DNS domain. Only that way can the forwarding target be resolved externally to the ADFS proxy in the DMZ.
It is probably best to use the e-mail address as the UPN here, as this is known to the user. Even for users who log on to a domain-joined workstation, the UPN of the user object must be correctly maintained to provide proper SSO.
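
The UPN requirements from the three-step concept and the SSO section above (a UPN set on every user object, a suffix that is a publicly registered and internet-resolvable domain, ideally identical to the e-mail address) are easy to verify before directory synchronization and the ADFS trust are set up. The following PowerShell pre-flight check is an added example, not a script from the original article or from FirstAttribute; it assumes the ActiveDirectory (RSAT) module is available with read access to the OnPremises domain, and $PublicSuffixes holds placeholder names standing in for the public domains verified in your cloud tenant.

```powershell
# Added example (not from the article): find user objects whose UPN would
# break ADFS routing from the cloud login page to the proxy in the DMZ.
Import-Module ActiveDirectory

$PublicSuffixes  = @('company.com', 'company.de')   # placeholder values, replace with your verified domains
# Labels that are never resolvable from the internet; a UPN ending in one of
# them cannot be forwarded externally to the ADFS proxy.
$NonRoutableTlds = @('local', 'lan', 'internal', 'corp')

function Get-UpnProblems {
    param($User)   # any object with userPrincipalName and mail properties
    $problems = @()
    $upn = $User.userPrincipalName
    if ([string]::IsNullOrWhiteSpace($upn)) {
        return @('UPN not set')
    }
    if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
        return @("UPN '$upn' is malformed")
    }
    $suffix = $upn.Split('@')[1]
    if ($NonRoutableTlds -contains $suffix.Split('.')[-1]) {
        $problems += "UPN suffix '$suffix' is not resolvable from the internet"
    }
    elseif ($PublicSuffixes -notcontains $suffix) {
        $problems += "UPN suffix '$suffix' is not a verified public domain"
    }
    # The article recommends UPN = e-mail address, so the user knows what to type.
    if ($User.mail -and ($User.mail -ne $upn)) {
        $problems += "UPN differs from mail attribute '$($User.mail)'"
    }
    return $problems
}

# Only enabled accounts matter for the SSO roll-out; mail is not a default property.
$report = foreach ($u in Get-ADUser -Filter 'Enabled -eq $true' -Properties mail) {
    $problems = @(Get-UpnProblems $u)
    if ($problems.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            UPN            = $u.userPrincipalName
            Problems       = ($problems -join '; ')
        }
    }
}

$report | Sort-Object SamAccountName | Format-Table -AutoSize
"$(@($report).Count) enabled user(s) need attention before the SSO roll-out"
```

Run it on a domain-joined workstation with the RSAT tools; the listed objects are the ones to correct before step 1 (directory synchronization) is switched on, because the synchronized UPN is what the cloud tenant later routes on.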

Conclusion

Looking at SSO, it is easy to see that a cloud service integration is a very complex issue. The UPN is just one of many examples that must be considered before and during the implementation. In addition there are public certificates, external DNS entries, firewall rules, and trusted sites entries in Internet Explorer (to name just a few). All of these should be taken into consideration to get the connection to the cloud working smoothly.

If you have questions or need support, you can rely on the experience and expertise of FirstAttribute. We support and accompany you on your journey to the cloud. Feel free to contact us.

graphics: adapted from Microsoft sources

Article created on: 28.11.2019
