06-18-2024 01:23 PM
Hi, setting up a customer for trial but they were asking about going forward and would like to know advantages of doing On-prem auth versus Azure AD versus AD FS? Other than the proxies, are there any advantages or cons in one over the other?
As well, when looking at Azure AD there was the following note: Note: If you use Entra ID (Azure AD) as your SAML IdP for Duo Single Sign-On you cannot also protect Office 365 with Duo Single Sign-On.
What does this mean?
Thanks in advance
06-18-2024 01:32 PM
Hello @bjames
When setting up authentication for your customer, choosing between On-premises Active Directory, Azure Active Directory, and AD FS depends on their specific needs and resources.
On-premises AD offers maximum control and customization, seamless integration with on-premises applications, and potentially lower latency for local resources, but it requires significant ongoing maintenance, infrastructure costs, and robust disaster recovery planning.
Azure AD, on the other hand, provides simplified management through the Azure portal, automatic scalability, seamless integration with cloud services like Microsoft 365, and built-in security features, making it often more cost-effective; however, it relies on a stable internet connection, offers less control over the infrastructure, and may require additional expertise for integration.
AD FS enables SSO across various applications and offers control over authentication processes, but it can be complex to set up and manage and requires regular maintenance and high-availability configurations.
Additionally, a notable limitation when using Azure AD as a SAML IdP for Duo SSO is that you cannot simultaneously protect Office 365 with Duo Single Sign-On, meaning you need to choose which service will be protected by Duo SSO or consider alternative configurations if protecting both is essential.