Managing Active Directory and Office365 through OpenIAM

Many of our Identity Management customers have a Microsoft environment consisting of Microsoft Active Directory and complementary components such as Microsoft Exchange, Lync, SQL Server, etc. Many of these customers have adopted, or are in the process of adopting, Microsoft’s Office 365 platform (O365). Adopting O365 allows companies to move some of these components to the cloud.

Microsoft provides a technology called DirSync (currently being replaced by Azure AD Connect) which synchronizes accounts from AD to the cloud platform so that users have a single identity across the cloud and on-premise worlds.

By itself this functionality does not go far enough for larger customers who need to manage thousands of users, integrate various other technologies and conform to corporate policies. Some of the challenges are listed below. Some of them may not be relevant to your environment; this depends on which components of the Microsoft stack are in use and how the synchronization between AD and O365 has been enabled.

For new users (Joiners) and existing users, consider:

  • Synchronizing accounts from on-premise AD to the O365 tenant
  • Mailbox
    • Does the user get an on-premise mailbox or one in the cloud?
    • If on-premise, do we still want to sync to the cloud as a backup mailbox?
    • Being able to switch existing users from on-premise to cloud
    • Resource mailboxes (Room, Equipment, etc) on-premise or in the cloud
    • Creating a secondary mailbox in the cloud for users who may have a primary mailbox on-premise
    • Show in Global Address List (GAL) or not?
  • On-premise home folder vs OneDrive for Business or both
  • Office365 Subscription Management
    • If a user is assigned an E3 subscription, should they be entitled to every service in that subscription?
    • Are there other O365 services like CRM Online which are available to some users?
  • Mobile Device Management - On-premise vs Intune (Cloud)

To enable deprovisioning users (Leavers), consider:

  • Disabling the account in Active Directory
  • If the mailbox is on-premise, disable the mailbox per policy
  • If the mailbox is in the cloud, apply cloud-side policies such as the retention period
  • Hiding the user from the GAL

If this process is not governed by a flexible automated solution, the administrative overhead must also be factored in; doing this by hand is both time consuming and error prone.
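The leaver checklist above, written out as a scripted workflow for a hybrid AD / O365 environment. This is an added example, not OpenIAM's code or a cmdlet from the product. It assumes the RSAT ActiveDirectory and MSOnline modules are installed, that Azure AD Connect (formerly DirSync) synchronizes the on-premise AD to the tenant, that the on-premise AD schema carries the Exchange attributes (so the GAL flag is mastered on-premise and synced), and that an Exchange Online PowerShell session is already open so that Get-Mailbox and Set-Mailbox target the cloud. The function name, the retention policy name and the sample UPN are hypothetical.

```powershell
# Added example, not OpenIAM code. Leaver deprovisioning for a hybrid AD / Office 365 tenant.
# Assumptions: ActiveDirectory (RSAT) and MSOnline modules installed; Azure AD Connect syncs
# on-premise AD to the tenant; Exchange schema attributes present in AD; an Exchange Online
# PowerShell session is already established. Policy name and sample UPN are hypothetical.
function Invoke-LeaverDeprovisioning {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserPrincipalName,
        [string]$CloudRetentionPolicy = 'Leaver 90 Day Retention'   # hypothetical EXO retention policy
    )

    Import-Module ActiveDirectory
    Import-Module MSOnline

    # 1. Locate the on-premise account. Escape quotes so a UPN cannot alter the LDAP filter,
    #    and insist on exactly one match so we never disable the wrong principal.
    $safeUpn = $UserPrincipalName.Replace("'", "''")
    $matches = @(Get-ADUser -Filter "UserPrincipalName -eq '$safeUpn'")
    if ($matches.Count -ne 1) {
        throw "Expected exactly one AD user for $UserPrincipalName, found $($matches.Count)"
    }
    $adUser = $matches[0]

    # 2. Disable the AD account. Azure AD Connect carries the disabled state to the cloud
    #    identity on its next sync cycle, so O365 sign-in stops without a separate cloud step.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Disable AD account')) {
        Disable-ADAccount -Identity $adUser
    }

    # 3. Hide the user from the GAL. In a hybrid deployment this attribute is mastered
    #    on-premise and synced, so set it in AD rather than directly in Exchange Online.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Hide from address lists')) {
        Set-ADUser -Identity $adUser -Replace @{ msExchHideFromAddressLists = $true }
    }

    # 4. Mailbox handling depends on where the mailbox lives.
    $cloudMailbox = Get-Mailbox -Identity $UserPrincipalName -ErrorAction SilentlyContinue
    if ($cloudMailbox) {
        # Cloud mailbox: apply the leaver retention policy BEFORE licences are removed.
        # Removing the Exchange Online licence first starts the tenant's own mailbox
        # deletion clock, which would bypass the corporate retention period.
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Apply retention policy '$CloudRetentionPolicy'")) {
            Set-Mailbox -Identity $UserPrincipalName -RetentionPolicy $CloudRetentionPolicy
        }
    } else {
        # On-premise mailbox: leave it to the on-premise Exchange leaver policy
        # (Disable-Mailbox / holds run from the on-premise management shell).
        Write-Verbose "$UserPrincipalName has no cloud mailbox; on-premise mailbox policy applies"
    }

    # 5. Reclaim Office 365 subscriptions (E3 etc.) so the seat is freed.
    #    Set-MsolUserLicense does not support -WhatIf, so gate it with ShouldProcess ourselves.
    $skus = @()
    $msolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if ($msolUser -and $msolUser.Licenses.Count -gt 0) {
        $skus = @($msolUser.Licenses | ForEach-Object { $_.AccountSkuId })
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Remove licences: $($skus -join ', ')")) {
            Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -RemoveLicenses $skus
        }
    }

    # Return a summary so the calling IAM connector or ticketing hook can record what was done.
    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        AdDisabled        = $true
        HiddenFromGAL     = $true
        CloudMailbox      = [bool]$cloudMailbox
        LicensesRemoved   = $skus
    }
}

# Dry run first (nothing is changed), then apply with verbose output:
# Invoke-LeaverDeprovisioning -UserPrincipalName 'jdoe@contoso.example' -WhatIf
# Invoke-LeaverDeprovisioning -UserPrincipalName 'jdoe@contoso.example' -Verbose
```

The ordering matters: the GAL flag and account state are written on-premise because the sync is one-way from AD to the tenant, and retention is applied before the licence is pulled so that the mailbox outlives the seat. Run with -WhatIf against a test account before wiring the function into an automated connector.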

The rest of this article describes how OpenIAM Identity Manager was used to address these challenges at a large customer. In this case, the organization:

  • Has geographically distributed users
  • Was moving from Exchange Online to O365, but both environments had to be supported
  • Needed to support both automated provisioning and deprovisioning driven from a source system, and management of users from the UI
