

The initial answers to the question “Do you still need ADFS?” can now be analyzed through the decision flow. Single Sign-On is not part of the decision criteria because it works with both of the managed sign-in methods supported by Azure AD, Password Hash Sync (PHS) and Pass-Through Authentication (PTA).

Do you want to integrate with an existing federation provider? Azure AD can hand sign-in off to an external federation provider (e.g. ADFS).

Do you want AAD to handle sign-in completely in the cloud? This question refers to the capability of Azure AD to handle sign-in without relying on any on-premises components.

Do you want sign-in disaster recovery or the leaked credentials report? The users with leaked credentials report provided by Azure AD Identity Protection requires password hash sync to be configured, and PHS is also what keeps sign-in working when the on-premises infrastructure is unavailable.

Do you have a sign-in requirement not natively supported by Azure AD? At the time of writing, Azure AD does not support the following: sign-in using smartcards or certificates, sign-in using an on-premises MFA Server, sign-in using a third-party authentication solution, and multi-site on-premises authentication solutions.

Do you want to enforce user-level Active Directory security policies during sign-in? To evaluate Active Directory security policies such as account expired, disabled account, password expired, account locked out, and sign-in hours on each user sign-in, Azure AD requires some on-premises components: PHS alone does not enforce them, because the password hash is validated in the cloud. This on-premises authentication requirement can be handled with PTA, which validates the credentials against the on-premises domain controllers.

Only a limited number of cases require ADFS

If we analyze the decision flow, we can conclude that only a limited number of cases require ADFS: only when there is an authentication method that Azure AD does not support, or complex claim rules that cannot be migrated to Azure AD, even though an application usually requires only the user identifier and its application roles to determine RBAC permissions.
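Before answering the decision flow from memory, it is worth checking what the tenant actually does today. The following PowerShell script is an added example, not code from the original article: it lists each verified domain with its authentication type (Federated means ADFS or another IdP is still in the sign-in path; Managed means PHS or PTA), and, when run on the Azure AD Connect server, reports whether password hash sync is enabled and whether a PTA agent is present. It assumes the Microsoft.Graph SDK is installed, that the Domain.Read.All scope is enough for Get-MgDomain, and that the PTA agent service is named AzureADConnectAuthenticationAgent.

```powershell
# Added example (not from the original article): inventory the tenant's sign-in methods
# so the "do you still need ADFS?" answer is checked against reality, not assumed.
# Requires the Microsoft.Graph PowerShell SDK. The ADSync part only works on the
# Azure AD Connect server.
# Assumptions: Domain.Read.All is sufficient for Get-MgDomain, and the PTA agent
# service name is 'AzureADConnectAuthenticationAgent'.

Connect-MgGraph -Scopes "Domain.Read.All" | Out-Null

# AuthenticationType: 'Managed' = PHS and/or PTA, 'Federated' = ADFS/external IdP.
$domains = Get-MgDomain |
    Where-Object { $_.IsVerified } |
    Select-Object Id, AuthenticationType, IsDefault

$domains | Format-Table -AutoSize

$federated = @($domains | Where-Object { $_.AuthenticationType -eq 'Federated' })
if ($federated.Count -gt 0) {
    Write-Warning ("Federated domains still present (ADFS or another IdP handles sign-in): " +
                   ($federated.Id -join ', '))
} else {
    Write-Host "No federated domains: Azure AD handles sign-in for every verified domain (PHS and/or PTA)."
}

# On the Azure AD Connect server, confirm which managed method is actually configured.
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    $features = Get-ADSyncAADCompanyFeature
    Write-Host ("Password hash sync enabled: {0}" -f $features.PasswordHashSync)

    # PTA is in use when the authentication agent service is installed and running.
    # Service name is an assumption; check Services.msc if this reports 'not installed'.
    $pta = Get-Service -Name 'AzureADConnectAuthenticationAgent' -ErrorAction SilentlyContinue
    $ptaState = if ($pta) { $pta.Status } else { 'not installed' }
    Write-Host ("Pass-through authentication agent on this host: {0}" -f $ptaState)
} else {
    Write-Host "ADSync module not found: run this part on the Azure AD Connect server to check PHS/PTA."
}
```

A federated domain can also have PHS enabled alongside it; that is the sign-in disaster recovery case from the decision flow, which is why the script reports the domain type and the PHS feature separately rather than inferring one from the other.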
