
Directory integration

Published: October 28, 2013

Updated: September 23, 2014

Applies To: Azure, Office 365, Windows Intune

If your organization uses an on-premises directory service, you can integrate it with your Microsoft Azure Active Directory (Microsoft Azure AD) tenant to simplify your cloud-based administrative tasks and even provide your users with a more streamlined sign-in experience. Azure AD supports the following four directory integration scenarios:

  • Directory Sync Scenario - Used to synchronize on-premises directory objects (users, groups, contacts) to the cloud to help reduce administrative overhead. Directory synchronization is also referred to as directory sync. Once directory sync has been set up, administrators can manage directory objects from your on-premises Active Directory, and those changes will be synchronized to your tenant. In this scenario, your users will use different user names and passwords to access your cloud and on-premises resources.

  • Directory Sync with Password Sync Scenario - Used when you want to enable your users to sign in to Azure AD and other services using the same user name and password that they use to log on to your corporate network and resources. Password sync is a feature of the Directory Sync tool.

  • Directory Sync with Single Sign-On Scenario - Used to provide users with the most seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy a security token service on-premises, such as Active Directory Federation Services (AD FS). Once it has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

  • Multi-forest Directory Sync with Single Sign-On Scenario - Used to provide users with the most seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy Active Directory Federation Services (AD FS) as the security token service on-premises. Once it has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

To see a high-level matrix of benefits and features provided with each of these scenarios, see Determine which directory integration scenario to use.

© 2014 Microsoft