Azure AD / Open LDAP / SSO Sync

Hiten Kacha 1 Reputation point
2021-04-21T09:56:48.107+00:00

Hi
Due to the way our business has grown (acquisitions etc.) we have ended up with a bit of a hybrid system for identity management.

Currently, we have Azure AD which provides SSO to a number of core applications (Office 365, Salesforce, HR systems, Zoom etc.) along with user provisioning where supported.

We also have a large AWS environment where our product is hosted. This environment has a number of systems accessed by the company such as monitoring / alerting / reporting systems. These systems are linked to an LDAP environment set up in AWS (OpenLDAP).

The ideal solution is that Azure AD provides the single identity management and SSO to all systems, and I was wondering how this can work when we have an OpenLDAP environment as well.

I was wondering if there is a way to sync data from Azure to OpenLDAP so that users have a single set of credentials to access all systems.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2021-05-11T13:42:41.313+00:00

    @Hiten Kacha Thanks for reaching out and apologies for the delay on this. Yes, you can implement the Generic LDAP Connector with Microsoft Identity Manager or Forefront Identity Manager to achieve this.

    The Generic LDAP Connector enables you to integrate the synchronization service with an LDAP v3 server.

    Certain operations and schema elements, such as those needed to perform delta import, are not specified in the IETF RFCs. For these operations, only LDAP directories explicitly specified are supported.

    For connecting to the directories, we test using the root/admin account. To use a different account to apply more granular permissions, you may need to review with your LDAP directory team.

    For detailed information you can read this.

    Note: LDAP Connectors are an advanced configuration requiring some familiarity with Forefront Identity Manager and/or Microsoft Identity Manager. If used in production, we advise that questions about this configuration go through Premier Support or the Microsoft Partner Network.

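The answer above notes that the connector is tested with the root/admin account and that a more granular account needs review with the LDAP team. The following OpenLDAP `cn=config` LDIF is an added example (not from the original thread or from Microsoft) of what such a least-privilege sync account can look like: it may write only the subtree the connector provisions into and read everything else. The base DN `dc=example,dc=com`, the account `cn=mim-sync,ou=Services,dc=example,dc=com`, the `ou=People` target and the `{1}mdb` database index are all assumptions to adapt to your directory.

```ldif
# Constructed example: a dedicated service account for the MIM Generic LDAP
# Connector, so the connector never binds as the OpenLDAP rootdn.
# All DNs below are assumptions; replace them with your own.
dn: cn=mim-sync,ou=Services,dc=example,dc=com
changetype: add
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: mim-sync
description: Service account used by the MIM Generic LDAP Connector
# PLACEHOLDER: set a real, unique secret (slappasswd output), not this value.
userPassword: {SSHA}REPLACE-WITH-HASH

# Access control for the database that holds dc=example,dc=com.
# "replace" overwrites the whole olcAccess list, so merge these rules with
# any rules you already have and keep the {n} indices contiguous.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Password attribute: the owner may change it, the sync account may set it
# during provisioning, everyone else may only use it to authenticate.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn.exact="cn=mim-sync,ou=Services,dc=example,dc=com" write
  by * none
# Provisioning target: the sync account may create/modify/delete entries here.
# Authenticated users may read it; anonymous access is denied.
olcAccess: {1}to dn.subtree="ou=People,dc=example,dc=com"
  by dn.exact="cn=mim-sync,ou=Services,dc=example,dc=com" write
  by users read
  by * none
# Everything else (ou=Services, groups, the suffix entry): read only,
# including for the sync account, so a compromised connector credential
# cannot rewrite its own entry or the rest of the tree.
olcAccess: {2}to *
  by dn.exact="cn=mim-sync,ou=Services,dc=example,dc=com" read
  by users read
  by * none
```

Apply it on the OpenLDAP host with `ldapmodify -Y EXTERNAL -H ldapi:/// -f mim-sync.ldif`, then confirm the scope with `ldapsearch -D "cn=mim-sync,ou=Services,dc=example,dc=com" -W -b "ou=People,dc=example,dc=com"` and with an anonymous search of the same base, which should return nothing.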

  2. Arek 0 Reputation points
    2023-05-05T19:00:05.94+00:00

    Another part of this solution would be the GRAPH connector for MIM. This will allow you to pull Azure AD data into MIM so that it can be pushed out to other systems (the LDAP in AWS for example).

    It's not an easy configuration (lots of moving parts, and some coding is required if not using the portal), but once it's up and it works, it works very well.
