Secure the keys to your identity kingdom by linking your cloud and on-premises directories.
Imagine being able to work from any location, on any device, together with other people. Office 365 and other cloud services make this easy, as long as you have an ID and password to access the system. That’s where hybrid identity comes in. By linking the cloud identity to the on-premises identity, access is available seamlessly, whether in the office or anywhere else.
That all sounds great (and it is) but having a hybrid identity set up provides so much more. One thing that has always caused an issue is the implementation of passwords. They expire, are complicated and I have about 100 of them (with different IDs too).
The chances of remembering all of them all the time are fairly slim. Particularly when they expire on the last day at work before I go on holiday (2 weeks in the sun sounds good…). When I get back, I am sure that I changed my password, but, since I used it only the once, can I still sign in to my PC?
This is where hybrid identity comes back in and helps me to recover the situation.
In the old days, I would log a call with the service desk and wait until they called me back (lost productivity there). Then, after going through some questions to prove who I am, they would reset my password, tell me what it is (or email my manager) and I would be able to log in. I would also need to reset my password as the service desk set it to “Summer2018” and it’s timed to auto-expire.
Today, I can utilise the cloud service to prove who I am by answering my mobile phone and then simply putting in a new password. This is then written to the internal directory and the cloud directory straight away, so I can get access immediately.
The issue of multiple identities is also eased when a hybrid identity is used. Cloud services use different types of authentication token: SAML, OAuth and OpenID Connect. Just as Yale, mortice and deadbolt locks each need their own kind of key, each service must be presented with the right kind of token.
A hybrid identity can provide different keys for different services based on the original authentication. We can think of part of the identity service as being a big, secure key box. We can use our ID and password as a key to open the key box.
Inside that box are keys to each of the services that we need to access; it holds different Yale and mortice keys, as well as others, and they are handed out as long as we can open the box. As a result, we can sign out the key we need, when we need it, and work productively in each system.
Each user has their own box that contains the keys that they are permitted to use. By signing out the key to the finance system, I can access it and submit my expenses.
That’s great for accessing my services, but I also need to work with other people. Teamwork and collaboration are essential: the more we can work together, collaborate on projects, design new things or fix things that are broken, the better things are.
Again, in the past, this required anybody we worked with to have an account in the same system. To work with somebody from outside the organisation, a new account for that user had to be added to the internal systems for both authentication and authorisation. There was no way to know whether that outsider had since left their organisation, and we had to manage the ID, provisioning, de-provisioning and, of course, password resets.
Hybrid identity gives us a much better way of handling this. Cloud-based services can be linked to an identity in someone else’s cloud; they manage the provisioning, de-provisioning, and password resets – we manage the access to the specific services. Effectively, we give a copy of the door key to the outsider with the promise that if they ever leave that they will return the key.
OK, we know that in real life when we lend somebody a key it probably isn’t coming back. What happens here, though, is that we place the spare key inside the key box belonging to the outsider’s company. When they leave that company, the key to the key box is taken away from them. That means they can no longer get the key to our system.
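To make the key-box picture concrete, here is a small simulation I have added to this post (it is not ThirdSpace’s code, nor any Microsoft product’s): a user opens their key box by authenticating against their own home directory, signs out service-specific keys from it, and a guest whose partner directory disables them loses the ability to sign out any key without us touching our side. The tenant names, users, passwords and signing key are constructed sample data, and the "saml"/"oauth"/"oidc" values are just labels on a simple signed token, not real SAML or OIDC wire formats.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: two tenants' directories, standing in for our on-premises
# directory and a partner's cloud directory. Nothing here is a real tenant, user or key.
SIGNING_KEY = b"constructed-demo-signing-key-do-not-reuse"
SALT = b"constructed-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

DIRECTORIES = {
    "contoso.example": {"alice": {"pw": _pw_hash("alice-pw"), "enabled": True}},
    "fabrikam.example": {"bob": {"pw": _pw_hash("bob-pw"), "enabled": True}},
}

# The "key box": for each (home tenant, user), the services they may sign keys out for
# and the token type ("kind of key") each service expects. bob is a guest: his key box
# is ours, but his identity, and therefore his de-provisioning, lives in fabrikam.
KEY_BOXES = {
    ("contoso.example", "alice"): {"finance": "saml", "mail": "oauth"},
    ("fabrikam.example", "bob"): {"projects": "oidc"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _is_active(tenant: str, user: str) -> bool:
    entry = DIRECTORIES.get(tenant, {}).get(user)
    return entry is not None and entry["enabled"]

def open_key_box(tenant: str, user: str, password: str):
    """Primary authentication against the user's *home* directory.
    Returns a session (the opened key box) or None."""
    entry = DIRECTORIES.get(tenant, {}).get(user)
    if entry is None or not entry["enabled"]:
        return None
    if not hmac.compare_digest(entry["pw"], _pw_hash(password)):
        return None
    return {"tenant": tenant, "user": user, "opened_at": time.time()}

def sign_out_key(session: dict, service: str, ttl: int = 300):
    """Issue a service-specific token (one key from the box). The home directory is
    re-checked so a guest de-provisioned by their own company is refused at once."""
    tenant, user = session["tenant"], session["user"]
    if not _is_active(tenant, user):
        return None
    fmt = KEY_BOXES.get((tenant, user), {}).get(service)
    if fmt is None:
        return None  # no key for that service in this user's box
    payload = {"sub": f"{user}@{tenant}", "svc": service, "format": fmt,
               "exp": time.time() + ttl}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token: str):
    """What the service (the lock) does with the key: check signature and expiry.
    Returns the payload, or None if the token is tampered with or expired."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return payload if payload["exp"] > time.time() else None

def deprovision(tenant: str, user: str) -> None:
    """The partner disables the account in *their* directory; nothing changes on our side."""
    DIRECTORIES[tenant][user]["enabled"] = False

if __name__ == "__main__":
    alice = open_key_box("contoso.example", "alice", "alice-pw")
    print(verify_token(sign_out_key(alice, "finance")))   # a "saml" key for finance
    print(sign_out_key(alice, "projects"))                # None: no such key in her box
    bob = open_key_box("fabrikam.example", "bob", "bob-pw")
    print(verify_token(sign_out_key(bob, "projects")))    # an "oidc" key for the guest
    deprovision("fabrikam.example", "bob")
    print(sign_out_key(bob, "projects"))                  # None: his home tenant took his key away
```

The point to notice is in `sign_out_key`: every key issuance goes back to the user’s home directory, so the partner’s leaver process is all that is needed to revoke a guest’s access, and our own key box never has to be cleaned up by hand.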
Hybrid identity allows us to achieve a number of things:
It can also help with the automatic provisioning out to external applications (if we are using them of course).
While hybrid identity may seem like a complex topic, once it is up and running it makes accessing data and services, both internal and external, while collaborating with partners, customers and vendors much simpler. Paraphrasing J. R. R. Tolkien, it gives us “one identity to rule them all, one identity to sign in, one identity to keep control and in the Internet find them”.
Next, why not take a deep dive into the Microsoft Identity Stack with Senior Consultant Ian Bassi.