1.
Authenticate using Microsoft Online IDs
Authentication by using Online IDs is
mainly appropriate for small businesses which either do not have an Active
Directory on-premises or they have an AD but willing to decommission it after
migrating to Office 365.
The advantage of this is that it is easy to
deploy and does not require any on-premises servers. However from end-user
experience point of view, users will be prompted for username and password when
try to access Online Services and they will end up with two sets of IDs – one
to access corporate network and one to access Office 365.
Authentication for users is handled in the
cloud.
From the IT management point of view, as
there are two different identities to manage, maintaining and resetting
passwords is required for both on-premises and cloud based AD which doubles the
administration time and effort.
2.
Authenticate using Federated corporate IDs
Users continue to authenticate on-premises
and have only one set of credential to access both corporate network and Office
365 services.
This is a perfect solution for medium/large
organizations to provide Single Sign-on (SSO) for end-users. IT management is
also easier as password policy and password resets are all managed on-premises.
The main drawback is that it requires
on-premises servers to enable identity federation and also more on-premises
infrastructure required to provide high availability of federation server
on-premises.
No comments:
Post a Comment