What is Azure Active Directory Pass-through Authentication?
Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience - one less password to remember, and reduces IT helpdesk costs because your users are less likely to forget how to sign in. When users sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory.
Key benefits of using Azure AD Pass-through Authentication
- Great user experience
- Users use the same passwords to sign into both on-premises and cloud-based applications.
- Users spend less time talking to the IT helpdesk resolving password-related issues.
- Users can complete self-service password management tasks in the cloud.
- Easy to deploy & administer
- No need for complex on-premises deployments or network configuration.
- Needs just a lightweight agent to be installed on-premises.
- No management overhead. The agent automatically receives improvements and bug fixes.
- Secure
- On-premises passwords are never stored in the cloud in any form.
- Protects your user accounts by working seamlessly with Azure AD Conditional Access policies, including Multi-Factor Authentication (MFA), blocking legacy authentication and by filtering out brute force password attacks.
- The agent only makes outbound connections from within your network. Therefore, there is no requirement to install the agent in a perimeter network, also known as a DMZ.
- The communication between an agent and Azure AD is secured using certificate-based authentication. These certificates are automatically renewed every few months by Azure AD.
- Highly available
- Additional agents can be installed on multiple on-premises servers to provide high availability of sign-in requests.
No comments:
Post a Comment