Mastering Identity and Access Management with Microsoft Azure

Azure Active Directory Connect

Azure AD Connect is the core of the identity bridge used to build a hybrid identity and access management setup. Its main purpose is to synchronize on-premises identities to the cloud; write-back from Azure AD to the on-premises AD is limited to a few optional features. Azure AD Connect can also install and configure the rest of the identity bridge: you can use it to deploy an Active Directory Federation Services (ADFS) infrastructure for federation, or to enable pass-through authentication combined with seamless single sign-on (SSO) for a modern and convenient authentication experience. The tool can also integrate external federation products such as PingFederate. Because the server holds privileged credentials for both the on-premises directory and the tenant, it should be protected with the same care as a domain controller.

The following figure provides a schematic overview of the Azure AD Connect components, whose practical usage we'll explain during the chapter:

Azure AD Connect synchronization schema overview including management capabilities

The following terms are used in the preceding figure:

  • Connected Data Source (CD): A data source that can be represented by a repository, directory, database, or data included in flat files.
  • Management agent, also called connector (MA): The management agent (MA) is the connector to a CD and manages the data specific to that connected data source. Currently, AD and Azure AD are the supported MAs; see https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-version-history.
  • Connector space (CS): A storage and staging area. It stores state that indicates whether a piece of information has changed in the CD. Each CD has its own logical partition in the CS.
  • Metaverse: The central data store that contains the imported and aggregated identity information from all connected data sources. It provides a global view over all objects and attributes.
  • Staging: If you run a staged import operation on an MA, such as Full/Delta Import (Stage Only), the data is imported from the connected data source (CD) into the CS, but no synchronization rule is applied to it. A staged import therefore never changes the metaverse.
  • Import: The process that moves objects and attributes from the connected data source into the connector space, including the associated operations such as creation, modification, deletion, or verification. An import can be a full or a delta import.
  • Synchronization: The process of applying all the configured rules to the staged objects in the connector space. Synchronization can be divided into inbound and outbound processes.
  • Export: The process of writing changes that occurred during synchronization from the CS back to the connected data source.
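To see the import, synchronization and export steps above in practice, here is an added example (not from the book) that traces one on-premises user through the pipeline with the ADSync PowerShell module installed by Azure AD Connect. The connector names, the distinguished name and the tenant are placeholders for a fictitious contoso.com environment, and the run-profile names are the product defaults; adjust all of them to your installation and check the object property names against your module version with Get-Member before relying on them.

```powershell
# Added example (not from the book): follow one on-premises user through
# import -> synchronization -> export on an Azure AD Connect server.
# Assumptions: connector names, the DN and the run-profile names below are
# placeholders for a fictitious contoso.com tenant.
Import-Module ADSync

function Trace-ADSyncObject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AdConnectorName,    # e.g. 'contoso.com'
        [Parameter(Mandatory)] [string] $AadConnectorName,   # e.g. 'contoso.onmicrosoft.com - AAD'
        [Parameter(Mandatory)] [string] $DistinguishedName   # object to follow through the CS
    )

    # A staging-mode server imports and synchronizes but never exports, so the
    # Export step below would silently do nothing there. Refuse to run on it.
    if ((Get-ADSyncScheduler).StagingModeEnabled) {
        throw 'This server is in staging mode; exports are disabled here.'
    }
    # Do not start manual run profiles while a scheduled cycle is still running.
    if (Get-ADSyncConnectorRunStatus) {
        throw 'A sync cycle is currently running; wait for it to finish.'
    }

    # 1. Pause the scheduler so manual runs cannot overlap a scheduled cycle.
    Set-ADSyncScheduler -SyncCycleEnabled $false
    try {
        # 2. Import (stage only): read changes from the connected data source
        #    (on-premises AD) into its connector space. No sync rule runs yet,
        #    so the metaverse is unchanged after this step.
        Invoke-ADSyncRunProfile -ConnectorName $AdConnectorName -RunProfileName 'Delta Import'
        $cs = Get-ADSyncCSObject -ConnectorName $AdConnectorName -DistinguishedName $DistinguishedName
        Write-Host ("After import: CS object found, joined to metaverse = {0}" -f $cs.IsConnector)

        # 3. Synchronization: apply inbound rules (CS -> metaverse) and outbound
        #    rules (metaverse -> Azure AD connector space).
        Invoke-ADSyncRunProfile -ConnectorName $AdConnectorName -RunProfileName 'Delta Synchronization'
        $cs = Get-ADSyncCSObject -ConnectorName $AdConnectorName -DistinguishedName $DistinguishedName
        if (-not $cs.IsConnector) {
            throw 'Object was not projected or joined to the metaverse; check sync rules and filtering.'
        }
        # Show the metaverse object the CS entry is now linked to.
        Get-ADSyncMVObject -Identifier $cs.ConnectedMVObjectId | Format-List

        # 4. Export: write the pending changes from the Azure AD connector space
        #    to Azure AD. Writeback in the other direction only happens for the
        #    optional features you enabled (for example password writeback).
        Invoke-ADSyncRunProfile -ConnectorName $AadConnectorName -RunProfileName 'Export'
    }
    finally {
        # 5. Always hand control back to the scheduler, even if a step failed.
        Set-ADSyncScheduler -SyncCycleEnabled $true
    }
}

# Usage with placeholder values for the fictitious contoso.com tenant:
Trace-ADSyncObject -AdConnectorName 'contoso.com' `
                   -AadConnectorName 'contoso.onmicrosoft.com - AAD' `
                   -DistinguishedName 'CN=Jane Doe,OU=Users,DC=contoso,DC=com'
```

The same steps appear as run profiles in the Synchronization Service Manager, where you can also open the connector space and metaverse entries to confirm the intermediate states. Swap 'Delta Import' for 'Full Import' when you need the connector space rebuilt from the whole directory rather than from changes since the last watermark, and remember that a full import on a large forest takes correspondingly longer.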