Have you ever wondered how to deploy Azure Active Directory for retail customers? If yes, then here is the help: please go through the attached document.
This guide helps you deploy a unified identity and access management solution with Microsoft Azure Active Directory. The primary emphasis is on managing the identity life cycle across corporate employees and thousands of seasonal and temporary staff.
Document – Azure AD Deployment Guide Identity Lifecycles
Before you design your Identity Lifecycle at Scale solution, review the following process for configuring the prerequisites (each step lists the task and the reference topic to consult):
Setup Common Infrastructure
Step | Task | Reference
1. | Create Azure AD Tenant(s). An Azure AD tenant is the home for your organization’s directory in the cloud. | Get an Azure AD Tenant
2. | Create and configure custom domains. Users reach your cloud and on-premises resources through domains. | Add Domain
3. | Identify Information Worker (B2E) identities and separate them from B2B (partner) and B2C (consumer) identities that might be present in on-premises directories. Different identities have different roles in your organization. | Azure AD B2B collaboration
4. | Identify the on-premises directories to synchronize with Azure AD. Examples include on-premises Active Directory forest(s), HR databases, etc. | Connectors

Kiosk Worker
Step | Task | Reference
5. | Identify data sources for kiosk worker identities. These are the repositories that store the kiosk employees’ information. Examples include HR systems, relational databases, or even text files or spreadsheets. |
6. | Identify SaaS applications for kiosk workers. Applications have different requirements for user information, expressed as identity claims, and may support user provisioning. |
7. | Identify the attributes of kiosk worker identities and normalize them across all sources. Identify name, phone number, employee ID, and so on, in each data source, and record the semantics and possible values of each. |

Information Worker
Step | Task | Reference
8. | Filter out accounts that do not need to be synchronized. Only specific user, group and device objects need to be synchronized with Azure AD. | Prepare for directory sync
9. | Define a strategy to identify objects uniquely. This establishes the immutable link between an on-premises object and its manifestation in the cloud. | Azure AD Connect: Design concepts
10. | Identify the attributes of initial Azure AD workloads. Define the information on each object that you want to be available in the cloud. | Azure AD Connect sync: Attributes synchronized to Azure Active Directory
11. | Define features for Azure AD synchronization for on-premises objects. Check items such as whether to write back passwords/devices, synchronize passwords, or propagate accounts to the cloud automatically. | Integrating your on-premises identities with Azure Active Directory
12. | Define the authentication approach (federation or password hash sync). Determine whether you want Azure AD or the on-premises federation service to perform authentication. In addition, determine whether you want to keep the on-premises usernames and domain names or clean them up. | Federated Identity Pattern; Implementing password synchronization with Azure AD Connect sync
13. | Remediate on-premises identities. Prepare all identities for error-free synchronization to the cloud. | Prepare directory attributes for synchronization with Office 365 by using the IdFix tool
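Steps 7 and 9 above (normalize kiosk worker attributes across sources, then pick one immutable identifier) are where most provisioning errors are born: the same person arriving from two sources with slightly different values either becomes two accounts or silently overwrites the other. The following Python script is an added example, not part of the guide or of any Microsoft tooling; it assumes two constructed CSV exports (an HR system and a store spreadsheet) and assumes a zero-padded employee ID is the chosen anchor, then merges the sources and reports any attribute that disagrees for the same anchor so it can be fixed before anything is provisioned.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample data (not from the guide): an HR export and a store spreadsheet export.
HR_CSV = """EmployeeID,Full Name,Mobile,Email
00123,Alice Example,(425) 555-0100,alice@contoso.example
00456,Bob Example,425-555-0101,bob@contoso.example
"""
STORE_CSV = """emp_id,name,phone,mail
123,Alice  Example,+1 425 555 0100,Alice@Contoso.Example
789,Carol Example,4255550102,carol@contoso.example
00456,Bob Example,425.555.0101,bobby@contoso.example
"""

# Each source's column names mapped onto one canonical attribute set (prerequisite 7).
SCHEMAS = {
    "hr": {"EmployeeID": "employee_id", "Full Name": "display_name", "Mobile": "phone", "Email": "mail"},
    "store": {"emp_id": "employee_id", "name": "display_name", "phone": "phone", "mail": "mail"},
}

def normalize(attr, value):
    """Canonical form per attribute so values compare equal across sources."""
    value = value.strip()
    if attr == "employee_id":          # assumed anchor: zero-padded numeric employee ID
        return value.lstrip("0").zfill(6)
    if attr == "phone":                # keep only the national 10 digits
        return re.sub(r"\D", "", value)[-10:]
    if attr == "mail":
        return value.lower()
    return re.sub(r"\s+", " ", value)  # collapse whitespace in names

def load(source, text):
    """Parse one CSV export and rename/normalize its columns."""
    return [{SCHEMAS[source][k]: normalize(SCHEMAS[source][k], v) for k, v in raw.items()}
            for raw in csv.DictReader(io.StringIO(text))]

def merge(sources):
    """Key every record on the employee_id anchor (prerequisite 9) and report attributes
    that disagree between sources for the same anchor, so they are fixed before provisioning."""
    merged, conflicts = {}, defaultdict(list)
    for rows in sources.values():
        for row in rows:
            rec = merged.setdefault(row["employee_id"], {})
            for attr, val in row.items():
                if attr in rec and rec[attr] != val:
                    conflicts[row["employee_id"]].append((attr, rec[attr], val))
                rec.setdefault(attr, val)
    return merged, dict(conflicts)
```

The first source listed wins on disagreement, so put the authoritative system (normally HR) first; anything left in the conflicts report is exactly the remediation work step 13 refers to.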