On 2013-01-24 at 21:51 +0000, Edward Ned Harvey (lopser) wrote:
> Could it be? Maybe it's actually possible to safely deploy an AD
> server into a DMZ or on the WAN, which their clients use for things
> like password resets and stuff? Literally available on the public
> internet? I certainly have reservations from a security standpoint.
> Maybe those can be alleviated somehow?

My understanding is that Microsoft's Azure AD offering provides a service for syncing corporate AD data into their service platform, sufficient for authentication and also some schema usage. They then offer things like OAuth2 externally, based upon your own AD setup.

I believe there's some level of usage at which this is also currently free, because Microsoft are trying to drive adoption. Downside is you bake use of their service into your external auth, so when they do start charging, you have limited options for switching.

I don't know if you can link external laptop auth to this, but for any services which are cloud-hosted, this might be a reasonable approach?

-Phil

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/