Backend Office 365™ with LDAP?


Some IT admins are interested in backending Office 365™ (O365) with LDAP because they’d like to use O365 credentials elsewhere, for example by extending O365 credentials to an OpenVPN™ instance or to AWS® with Kubernetes or Docker instances. Obviously, Office 365’s underlying identity management model is based on Azure® Active Directory®, so Microsoft® would likely tell you that you don’t need LDAP connected to O365 user identities. But what Microsoft tells you is simply an attempt to keep you in their ecosystem, so consider a few use cases laid out in the article below.

Backend O365 with LDAP and More

Things get really interesting when you consider the different types of cross-platform use cases that you can achieve by backending Office 365 with LDAP. IT admins are using their imaginations and dreaming up scenarios where you can extend a user’s O365 credentials for authentication with just about any IT resource. This setup cuts down on password fatigue and the reuse of potentially weak passwords.

The reasoning for this sort of LDAP backend is that, ideally, an end user would have just one set of credentials for the IT resources they use daily. That means systems (Windows®, macOS®, or Linux®), cloud and on-prem servers (e.g. AWS, GCP, on-prem data center, etc.), web and on-prem applications via LDAP and SAML, physical and virtual file servers (for example NAS appliances, Samba file servers, Dropbox™, G Drive™, and more), as well as wired and WiFi connections through the RADIUS protocol. All of those various resources would be connected to one identity, but perhaps instantiated in a variety of ways including username/password, SSH keys, 2FA, or more.

Microsoft’s Azure AD Limitations

Unfortunately, that vision of a single set of credentials isn’t achievable using Azure Active Directory, even when it is used in concert with on-prem Active Directory. With that in mind, when thinking about a cross-platform, inclusive approach to an IT network, solutions will need to be neutral. That will enable the solution to facilitate access through a variety of different ...

