While working with cloud providers, one has to go to extreme lengths to avoid being locked in. One of the areas where lock-in is extremely difficult to avoid is user management. There is nothing worse than working in one organization and having several different user accounts to get access to your cloud resources. So you really have 2 options at this point.

  1. Suffer the management of 2 different IAM (identity and access management) services, and have cranky devs bothering you left and right to reset passwords.
  2. Use a cloud SAML provider.

I chose option 2 for the ease of management and access to online password resets, AKA things I don't want to waste my time on. Yes, you do lose a degree of freedom if you go pure cloud IAM, but you also get far fewer late-night calls.

For my solution, I decided to test the limits of Azure Active Directory. Yes, I am perfectly aware I could have gone the other route and used Identacor (https://www.identacor.com) or Auth0, gone native with Amazon Cloud Directory, or made the much bigger jump to Amazon Cognito. But since we have a bunch of local applications and we use SQL Server at work, anything Active Directory based had my interest (sorry SAML providers, but I will get back to you in a second).

So how does this work out?

Pretty simple, actually. If you have an LDAP directory or an Active Directory, on prem or in the cloud, all you need to do is install an application that syncs your on-prem directory with the cloud one. Your users then sign in with a single identity, and password resets happen in one place instead of two.

In the next blog series, I will be talking about the gotchas and why, in some cases, the free version of Azure Active Directory is all you need.