Microsoft Azure Active Directory Deployment Guide for Retail

Have you ever wondered how to deploy Azure Active Directory for retail customers? If so, here is the help: please go through the attached document.

This guide helps you deploy a unified identity and access management solution with Microsoft Azure Active Directory. The primary emphasis is on managing identity life cycle across corporate employees and thousands of seasonal and temporary staff.

Document – Azure AD Deployment Guide Identity Lifecycles

Before you design your Identity Life cycle at Scale solution, review the following process for configuring the prerequisites:

Set up Common Infrastructure
1. Create Azure AD Tenant(s).

An Azure AD tenant is the home for your organization’s directory in the cloud.

Get an Azure AD Tenant
2. Create and configure custom domains.

Users reach your cloud and on-premises resources through domains.

Add Domain
3. Identify Information Worker (B2E) identities and separate them from B2B (partner) and B2C (consumer) identities that might be present in on-premises directories.

Different identities have different roles in your organization.

Azure AD B2B collaboration

Azure AD B2C

4. Identify the on-premises directories to synchronize with Azure AD.

Examples include on-premises Active Directory forest(s), HR databases, etc.

Topologies for Azure AD Connect

Kiosk Worker
5. Identify data sources for kiosk worker identities.

These are the repositories that store the kiosk employees’ information. Examples include HR systems, relational databases, or even text files or spreadsheets.

6. Identify SaaS applications for kiosk workers.

Applications have different requirements for user information, expressed as identity claims, and may support user provisioning.

7. Identify the attributes of kiosk worker identities and normalize them across all sources.

Identify name, phone number, employee ID, and so on, on each data source, and record the semantics and possible values of each.
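The normalization in step 7 is easiest to get right when every source is mapped into one canonical schema and disagreements between sources are surfaced before anything is provisioned. The following is an added example, not code from the guide: it takes two constructed exports (a hypothetical HR system and a hypothetical staffing spreadsheet) with different field names and value formats, normalizes employee ID, phone number and store code, and reports any attribute that differs between sources for the same employee. The field names, the North American phone assumption and the "STORE-NN" code format are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample exports: the same kiosk workers as two hypothetical
# data sources would deliver them, with different field names and formats.
HR_EXPORT = [
    {"EmpID": "000417", "FullName": "Rivera, Ana", "Mobile": "(425) 555-0142", "Site": "STORE-12"},
    {"EmpID": "000980", "FullName": "Chen, Wei", "Mobile": "425.555.0199", "Site": "store-07"},
]
STAFFING_SHEET = [
    {"employee_number": "417", "first": "Ana", "last": "Rivera", "phone": "+1 425 555 0142", "store": "14"},
    {"employee_number": "1203", "first": "Sam", "last": "Okafor", "phone": "4255550177", "store": "7"},
]


@dataclass(frozen=True)
class KioskIdentity:
    """Canonical attribute set: the schema every source is normalized into."""
    employee_id: str              # digits only, zero-padded to 6
    given_name: str
    surname: str
    mobile_e164: Optional[str]    # E.164, or None when the value cannot be resolved
    store_code: str               # always "STORE-NN"


def normalize_employee_id(raw: str) -> str:
    return re.sub(r"\D", "", raw).zfill(6)


def normalize_phone(raw: str) -> Optional[str]:
    # Assumes North American numbering; anything else is left unresolved
    # rather than guessed, so it shows up in the review step.
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:
        return "+1" + digits
    if len(digits) == 11 and digits.startswith("1"):
        return "+" + digits
    return None


def normalize_store(raw: str) -> str:
    return "STORE-%02d" % int(re.sub(r"\D", "", raw))


def from_hr(rec: dict) -> KioskIdentity:
    # HR export writes names as "Surname, Given"
    surname, given = (p.strip() for p in rec["FullName"].split(",", 1))
    return KioskIdentity(normalize_employee_id(rec["EmpID"]), given, surname,
                         normalize_phone(rec["Mobile"]), normalize_store(rec["Site"]))


def from_sheet(rec: dict) -> KioskIdentity:
    return KioskIdentity(normalize_employee_id(rec["employee_number"]), rec["first"].strip(),
                         rec["last"].strip(), normalize_phone(rec["phone"]), normalize_store(rec["store"]))


def merge_sources(identities: List[KioskIdentity]) -> Tuple[Dict[str, KioskIdentity], List[Tuple[str, str, str, str]]]:
    """Key identities by employee_id; any attribute that differs between
    sources for the same employee is recorded as a conflict to resolve
    before the identity is provisioned."""
    merged: Dict[str, KioskIdentity] = {}
    conflicts: List[Tuple[str, str, str, str]] = []
    for ident in identities:
        existing = merged.get(ident.employee_id)
        if existing is None:
            merged[ident.employee_id] = ident
            continue
        for field in ("given_name", "surname", "mobile_e164", "store_code"):
            a, b = getattr(existing, field), getattr(ident, field)
            if a != b:
                conflicts.append((ident.employee_id, field, a, b))
    return merged, conflicts


def build_kiosk_identities():
    identities = [from_hr(r) for r in HR_EXPORT] + [from_sheet(r) for r in STAFFING_SHEET]
    return merge_sources(identities)


if __name__ == "__main__":
    merged, conflicts = build_kiosk_identities()
    for ident in merged.values():
        print(ident)
    for c in conflicts:
        print("CONFLICT", c)
```

In the constructed data the two sources disagree on Ana Rivera's store, which the merge reports as a conflict instead of silently letting the last source win; that is the review step the guide asks for when it says to record the semantics and possible values of each attribute.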

Information Worker
8. Filter out accounts that do not need to be synchronized.

Only specific user, group and device objects need to be synchronized with Azure AD.

Prepare for directory sync

Azure AD Connect sync: Configure Filtering

9. Define a strategy to identify objects uniquely.

This establishes the immutable link between an on-premises object and its manifestation in the cloud.

Azure AD Connect: Design concepts
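The "immutable link" in step 9 is the sourceAnchor, surfaced on the cloud object as its ImmutableId. Below is an added example (not code from the guide) that assumes objectGUID is used as the sourceAnchor and shows how the on-premises GUID and the cloud ImmutableId relate: the ImmutableId is the Base64 encoding of the GUID's 16 bytes in the byte order Active Directory stores them (Python's `bytes_le`), and the inverse conversion lets an operator check which on-premises object a cloud object is bound to. The GUID value is constructed for the example.

```python
import base64
import uuid


def immutable_id_from_objectguid(object_guid: str) -> str:
    """ImmutableId = Base64 of the sourceAnchor bytes; with objectGUID as the
    anchor those are the GUID's 16 bytes in the mixed-endian layout Windows
    stores them in, which uuid exposes as bytes_le."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def objectguid_from_immutable_id(immutable_id: str) -> str:
    """Inverse: recover the on-premises objectGUID from a cloud ImmutableId."""
    return str(uuid.UUID(bytes_le=base64.b64decode(immutable_id)))


def naive_immutable_id(object_guid: str) -> str:
    # Common mistake: encoding the GUID's big-endian text order instead of the
    # stored byte order; the result will never match the synced cloud object.
    return base64.b64encode(uuid.UUID(object_guid).bytes).decode("ascii")


# Constructed objectGUID (not a real directory object).
SAMPLE_OBJECTGUID = "01234567-89ab-cdef-0123-456789abcdef"

if __name__ == "__main__":
    iid = immutable_id_from_objectguid(SAMPLE_OBJECTGUID)
    print(SAMPLE_OBJECTGUID, "->", iid)
    print("round trip ok:", objectguid_from_immutable_id(iid) == SAMPLE_OBJECTGUID)
    print("naive encoding differs:", naive_immutable_id(SAMPLE_OBJECTGUID) != iid)
```

The byte-order pitfall is the practical reason to script this conversion rather than compute it by hand: a GUID copied from a text display and Base64-encoded as written produces a value that looks plausible but matches nothing in the tenant.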
10. Identify the attributes of initial Azure AD workloads.

Define the information on each object that you want to be available in the cloud.

Azure AD Connect sync: Attributes synchronized to Azure Active Directory
11. Define features for Azure AD synchronization for on-premises objects.

Check items such as whether to write back passwords/devices, synchronize passwords, or propagate accounts to the cloud automatically.

Integrating your on-premises identities with Azure Active Directory
12. Define the authentication approach (Federation or password hash sync).

Determine whether you want Azure AD or the on-premises federation service to perform authentication. In addition, determine whether you want to keep the on-premises usernames and domain names or clean them up.

Federated Identity Pattern

Implementing password synchronization with Azure AD Connect sync

13. Remediate on-premises identities.

Prepare all identities for error-free synchronization to the cloud.

Prepare directory attributes for synchronization with Office 365 by using the IdFix tool

Azure AD service limits and restrictions
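Step 13 is where tools like IdFix earn their keep: objects with malformed or duplicated identity attributes fail to sync or, worse, sync to the wrong cloud object. The following added example (not the IdFix tool and not code from the guide) runs two of the most common pre-sync checks over a constructed set of on-premises user objects: UPN format (present, one "@", allowed prefix characters, domain verified in the tenant) and duplicate values within userPrincipalName, mail and proxyAddresses across the whole sync scope. The set of verified domains and the user records are constructed assumptions; the allowed-character rule is a simplified assumption for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed: the domains assumed to be verified in the tenant; ".local"
# and other non-routable suffixes are deliberately absent.
VERIFIED_DOMAINS = {"contoso.com", "retail.contoso.com"}

# Simplified allowed-character rule for the UPN prefix (assumption for the example).
UPN_PREFIX_RE = re.compile(r"^[A-Za-z0-9'._\-!#^~]+$")

# Constructed on-premises user objects carrying typical pre-sync defects.
USERS = [
    {"dn": "CN=Ana Rivera,OU=Store12,DC=contoso,DC=local",
     "userPrincipalName": "ana.rivera@contoso.com", "mail": "ana.rivera@contoso.com",
     "proxyAddresses": ["SMTP:ana.rivera@contoso.com"]},
    {"dn": "CN=Wei Chen,OU=Store07,DC=contoso,DC=local",
     "userPrincipalName": "wei chen@contoso.local", "mail": "wei.chen@contoso.com",
     "proxyAddresses": ["SMTP:wei.chen@contoso.com"]},
    {"dn": "CN=Sam Okafor,OU=Store07,DC=contoso,DC=local",
     "userPrincipalName": "sam.okafor@contoso.com", "mail": "ana.rivera@contoso.com",
     "proxyAddresses": ["SMTP:sam.okafor@contoso.com", "smtp:Ana.Rivera@contoso.com"]},
    {"dn": "CN=Kiosk Service,OU=Service,DC=contoso,DC=local",
     "userPrincipalName": "", "mail": None, "proxyAddresses": []},
]


class Finding(NamedTuple):
    dn: str
    attribute: str
    issue: str
    value: str


def check_upn(user: dict) -> List[Finding]:
    upn = user.get("userPrincipalName") or ""
    if not upn:
        return [Finding(user["dn"], "userPrincipalName", "missing", upn)]
    if upn.count("@") != 1:
        return [Finding(user["dn"], "userPrincipalName", "malformed", upn)]
    prefix, domain = upn.split("@")
    findings = []
    if not UPN_PREFIX_RE.match(prefix):
        findings.append(Finding(user["dn"], "userPrincipalName", "invalid characters", upn))
    if domain.lower() not in VERIFIED_DOMAINS:
        findings.append(Finding(user["dn"], "userPrincipalName", "unverified domain", upn))
    return findings


def find_duplicates(users: List[dict]) -> List[Finding]:
    # Values that must be unique per attribute across the whole sync scope,
    # compared case-insensitively.
    seen: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for u in users:
        for attr in ("userPrincipalName", "mail"):
            if u.get(attr):
                seen[(attr, u[attr].lower())].append(u["dn"])
        for addr in u.get("proxyAddresses", []):
            # the "SMTP:"/"smtp:" type prefix is not part of the address identity
            seen[("proxyAddresses", addr.split(":", 1)[-1].lower())].append(u["dn"])
    return [Finding(dn, attr, "duplicate", value)
            for (attr, value), dns in seen.items() if len(dns) > 1 for dn in dns]


def remediation_report(users: List[dict]) -> List[Finding]:
    """Every finding an operator must clear before the objects are synced."""
    findings = [f for u in users for f in check_upn(u)]
    return findings + find_duplicates(users)


if __name__ == "__main__":
    for f in remediation_report(USERS):
        print("%-48s %-18s %-20s %s" % f)
```

Run as a script it lists each offending object with the attribute and the reason, which is the work list for the clean-up; an empty report for a scope is the signal that the scope is ready for its first synchronization cycle.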
