Power Platform User Management: Synchronization between Online and On-Premises Environments

User Management Approach for Seamless System Integration

Question

A company uses Microsoft Active Directory Domain Services (AD DS) for its employees' authentication.

The company plans to add a Power Platform solution, use AD DS as a primary system, and provide its employees a seamless system integration with a single sign-on.

What type of user management approach would you recommend for user synchronization between online and on-premises environments?

Answers

Explanations


Correct Answer: C (Federated identity)

All Power Platform users are managed by Azure Active Directory (Azure AD).

Suppose the company needs to keep its identity database, and the management of it, on-premises.

In that case, a Solution Architect needs to design the right approach for identity synchronization between the on-premises directory service (Active Directory Domain Services, AD DS) and the Microsoft 365 cloud directory (Azure AD).

Microsoft supports three identity models for users of Microsoft 365 cloud services, and therefore of Power Platform:

  • Cloud identity: all user management is in the cloud; no on-premises identity service is needed.
  • Synchronized identity: the primary management is on-premises. Azure AD Connect copies user accounts from AD DS to Azure AD and, with password hash synchronization enabled, a hash of each user's password hash as well. Users sign in to on-premises and cloud systems with the same password, but the cloud verifies it against its own synchronized copy, so by default they are prompted to sign in again when they open Microsoft 365 cloud services.
  • Federated identity: the primary management is on-premises. Accounts are still synchronized to Azure AD so that the cloud knows the user exists, but passwords are not: Azure AD redirects the sign-in to an on-premises federation service (for example AD FS), which validates the credentials against AD DS and returns a security token. A user who has already signed in to the domain is not prompted again when opening Microsoft 365 cloud services. This method provides single sign-on support. (Password hash synchronization can be enabled alongside federation as a fallback, but it is not part of the model.)

The synchronized and federated methods are the two forms of hybrid identity.

Hybrid identity has clear advantages for users, but one constraint must be designed around: accounts created directly in Azure AD are cloud-only. They are never written back to AD DS, because synchronization runs in one direction only, from AD DS to Azure AD.

All other options are incorrect.


In the given scenario the company authenticates its employees with Microsoft Active Directory Domain Services (AD DS), plans to add a Power Platform solution while keeping AD DS as the primary system, and wants employees to have seamless integration with single sign-on.

In this context, the recommended user management approach for synchronizing users between the online and on-premises environments is the Federated Identity approach.

Federated identity lets users access multiple applications and services with a single set of credentials. In this approach the on-premises federation service (AD FS, backed by the AD DS directory) acts as the identity provider (IdP). Azure AD is the relying party that trusts that IdP, and Power Platform in turn trusts Azure AD, so Power Platform itself never talks to AD DS.

When a user opens the Power Platform solution, Azure AD sees that the user's domain is federated and redirects the browser to the on-premises IdP. The user authenticates there with their AD DS credentials (silently, if they are already logged on to a domain-joined machine and integrated Windows authentication is in use). The IdP returns a signed security token to Azure AD, which issues its own token to Power Platform, and the user is granted access.

Federated identity lets the company keep a single authoritative identity store while users reach both on-premises and cloud applications with the same credentials. It also keeps password hashes on-premises, since the cloud only ever receives tokens, not passwords (unless password hash synchronization is deliberately enabled as a fallback). The trade-offs a practitioner should weigh are that the on-premises federation service becomes a dependency for every cloud sign-in, and that its token-signing key must be protected, because whoever holds it can issue tokens for any federated user.

The other user management approaches mentioned in the options are as follows:

  • Synchronized identity: This approach synchronizes user accounts, and optionally password hashes, from on-premises AD DS to Azure Active Directory (Azure AD). It is useful when users need to reach cloud-based applications and services with their existing on-premises credentials but full single sign-on through an on-premises federation service is not required.
  • LDAP identity: This approach involves using Lightweight Directory Access Protocol (LDAP) to authenticate users. This approach is useful when integrating with third-party applications that use LDAP for authentication.
  • Portal identity: This approach involves creating user accounts directly in the Power Platform solution. This approach is useful when users do not have existing credentials or when there is a need to provide external users with access to the solution.
  • Cloud identity: This approach involves creating user accounts directly in Azure AD. This approach is useful when users only need to access cloud-based applications and services and do not have existing on-premises credentials.
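The following Python toy models the three identity models and the federated sign-in flow described above: a one-way sync from an "AD DS" dict to an "Azure AD" dict, and an authenticate step that either checks a hash held in the cloud or hands the password to an on-premises "federation service". It is an added worked example, not code from the original page or from Microsoft; the directory layouts, the `corp.example` domain, the users and the reduction of AD FS to a single function are all assumptions, and the hash-sync step hashes the plaintext it happens to hold, whereas the real Azure AD Connect re-hashes the stored NT hash.

```python
"""Toy model of the cloud, synchronized and federated identity models.
Added illustration, not Microsoft's or Azure AD Connect's code: directories are
dicts, AD FS is a function, and password hash sync re-hashes plaintext here
whereas the real connector re-hashes the stored NT hash. Users are constructed."""
import hashlib
import hmac
import secrets
import uuid


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class OnPremDirectory:
    """AD DS: the authoritative store, and what the federation service checks against."""

    def __init__(self):
        self.users = {}  # upn -> {"guid", "salt", "hash"}

    def add_user(self, upn: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[upn] = {"guid": str(uuid.uuid4()), "salt": salt, "hash": _hash(password, salt)}

    def verify(self, upn: str, password: str) -> bool:
        rec = self.users.get(upn)
        return rec is not None and hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])

    def federation_token(self, upn: str, password: str):
        """Stand-in for AD FS: validate against AD DS, then issue the token Azure AD trusts."""
        return {"sub": upn, "iss": "onprem-idp"} if self.verify(upn, password) else None


class CloudDirectory:
    """Azure AD: every Power Platform user lives here; source_anchor marks synced ones."""

    def __init__(self):
        self.users = {}  # upn -> {"source_anchor", "salt", "hash"}
        self.federated_domains = set()

    def add_cloud_user(self, upn: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[upn] = {"source_anchor": None, "salt": salt, "hash": _hash(password, salt)}


def sync(onprem: OnPremDirectory, cloud: CloudDirectory, password_hash_sync: bool) -> list:
    """One-way sync AD DS -> Azure AD; returns the actions taken. Cloud-only users
    (source_anchor None) are never touched, and nothing is written back to AD DS."""
    actions = []
    for upn, rec in onprem.users.items():
        actions.append(("update" if upn in cloud.users else "add", upn))
        cloud.users[upn] = {"source_anchor": rec["guid"],
                            "salt": rec["salt"] if password_hash_sync else None,
                            "hash": rec["hash"] if password_hash_sync else None}
    for upn in [u for u, r in cloud.users.items() if r["source_anchor"] and u not in onprem.users]:
        del cloud.users[upn]  # deleted on-premises, so removed from the cloud as well
        actions.append(("delete", upn))
    return actions


def authenticate(cloud: CloudDirectory, onprem: OnPremDirectory, upn: str, password: str):
    """Returns (success, where the password was checked)."""
    rec = cloud.users.get(upn)
    if rec is None:
        return False, "unknown user"
    if upn.split("@")[1] in cloud.federated_domains:
        # Federated: Azure AD redirects to the on-premises IdP and trusts its token;
        # the cloud never sees or stores the password.
        return onprem.federation_token(upn, password) is not None, "on-premises IdP"
    if rec["hash"] is None:
        return False, "no credential in cloud"  # synced without PHS; pass-through auth not modelled
    # Cloud-only or synchronized identity: checked against the hash Azure AD holds.
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]), "cloud"


def demo() -> dict:
    ad, cloud = OnPremDirectory(), CloudDirectory()
    ad.add_user("alice@corp.example", "Winter2024!")        # constructed on-prem user
    cloud.add_cloud_user("guest@corp.example", "CloudOnly1!")  # constructed cloud-only user

    sync(ad, cloud, password_hash_sync=True)                # synchronized identity
    synced = authenticate(cloud, ad, "alice@corp.example", "Winter2024!")
    guest = authenticate(cloud, ad, "guest@corp.example", "CloudOnly1!")

    cloud.federated_domains.add("corp.example")             # switch the domain to federated
    sync(ad, cloud, password_hash_sync=False)
    fed_ok = authenticate(cloud, ad, "alice@corp.example", "Winter2024!")
    fed_bad = authenticate(cloud, ad, "alice@corp.example", "wrong-password")
    hash_in_cloud = cloud.users["alice@corp.example"]["hash"]

    del ad.users["alice@corp.example"]                      # leaver removed on-premises
    actions = sync(ad, cloud, password_hash_sync=False)
    return {"synced": synced, "guest": guest, "fed_ok": fed_ok, "fed_bad": fed_bad,
            "hash_in_cloud": hash_in_cloud, "actions": actions,
            "guest_written_back": "guest@corp.example" in ad.users,
            "cloud_users": sorted(cloud.users)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the points the explanation makes: the synchronized user and the cloud-only user are both verified in the cloud; once the domain is federated the cloud holds no hash for the synced user and every check is delegated to the on-premises IdP, which rejects a wrong password; the cloud-only guest is never written back to AD DS; and removing the user on-premises removes the synced cloud object on the next sync while the cloud-only one survives. On a real tenant the equivalent checks are `Get-MgDomain` (the `AuthenticationType` of each domain, Managed or Federated) and `Get-ADSyncScheduler` on the Azure AD Connect server.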