Azure AD Pass-through authentication vs. Password hash sync: A comparison for beginners

Azure AD Pass-through authentication (PTA) and Password hash sync (PHS) are two of the sign-in methods that Azure AD Connect supports for a hybrid identity environment. Both let users sign in to cloud resources with the password they use on-premises; they differ in where that password is validated and what, if anything, about it is copied to the cloud.

Azure AD Pass-through authentication

PTA is a hybrid sign-in method in which the password is validated on-premises but the sign-in itself happens at Azure AD. The user enters the password at the Azure AD sign-in page; Azure AD encrypts the credentials with the public key of a lightweight PTA agent installed on an on-premises server and places them on a queue; the agent picks them up over an outbound HTTPS connection, decrypts them, and validates them against a domain controller. Only the result (success, or a failure reason such as a wrong password or a disabled account) goes back to Azure AD, which then issues the user a token for the requested cloud application. Two consequences follow: the agent servers see every password they validate, so they must be hardened and monitored as Tier 0 assets, and they are a dependency for cloud sign-in, so Microsoft recommends running at least three agents, because if none is reachable, sign-in fails for every user.

Password hash sync

PHS is a hybrid sign-in method in which Azure AD validates the password itself, with no on-premises component in the sign-in path. What is synchronized is not the password: Azure AD Connect reads each user's NT hash (the MD4 hash of the password that the domain controller stores), re-hashes it with a per-user salt and 1,000 iterations of PBKDF2-HMAC-SHA256, and sends that derived value to Azure AD over TLS, normally within a couple of minutes of a password change. Users then sign in to Azure AD with the same password they use on-premises. Seamless single sign-on (SSO) is a separate feature that can be enabled together with either PHS or PTA; when it is on, users on domain-joined devices inside the corporate network are signed in to cloud resources without being prompted for their password.

Which method to choose?

The best method for your organization depends on your requirements. If on-premises sign-in rules (account disabled, logon hours, password expired) must be enforced at the moment of each cloud sign-in, PTA does that, because a domain controller validates every attempt. With PHS, the disabled state of an account is synchronized, but on-premises password expiration and logon hours are not enforced by Azure AD unless you turn on the optional cloud password-policy enforcement for synchronized users. If you want the simplest deployment with no on-premises server in the sign-in path, PHS is the choice.

Here are some additional things to consider when choosing between PTA and PHS:

Security: Both are supported, secure sign-in methods when deployed correctly, but their threat models differ, and the common rule of thumb that PTA is more secure because "passwords are not stored in the cloud" is too simple. PHS does not store passwords in the cloud; it stores a salted, iterated hash of the NT hash, which cannot be used to sign in on-premises and would have to be brute-forced to recover the password. In return, PHS lets Azure AD Identity Protection detect leaked credentials, and cloud sign-in keeps working if the on-premises environment is down or has been taken out by ransomware. PTA keeps validation on the domain controller, but the on-premises agent decrypts every password it validates, so an attacker with administrative access to an agent server can capture credentials or approve sign-ins; those servers must be protected as Tier 0 assets. Microsoft's own guidance is to use PHS for most organizations, optionally with PTA, and to enable PHS as a backup even where PTA is the primary method.
Compliance: If policy forbids any representation of user passwords (including the hashed form above) from leaving the on-premises directory, PHS is ruled out and PTA is an option. Note, though, that with PTA the user still types the password into the Azure AD sign-in page and it transits Azure AD (encrypted for the agent) on its way on-premises, so PTA does not keep all authentication on-premises. Only federation with AD FS keeps credential entry and validation entirely on-premises, and it remains the option when that, smart-card sign-in, or an on-premises third-party MFA provider is required.
Complexity: PTA needs at least three agent servers (for high availability) with outbound connectivity to Azure AD, and those servers become a sign-in dependency that must be patched, monitored, and hardened. PHS adds no on-premises components beyond Azure AD Connect itself. If you have a limited IT staff, PHS is the easier method to run well.
Overall, PTA suits organizations that need on-premises sign-in rules enforced on every cloud sign-in or that must not synchronize any form of password hash to the cloud, and that can operate and secure the agent servers. PHS suits organizations that want the simplest, most resilient deployment, or that have limited IT staff; it is also Microsoft's recommended default.

Recommendation

If you are not sure which method is right for your organization, I recommend that you consult with a Microsoft Azure expert.