Thursday, December 17, 2020

How to configure a forest trust?

A company named A, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.

A Ltd has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), Azure AD Connect and Microsoft Identity Manager (MIM).

A Ltd has a partnership with a company named B, Inc. B Inc has an Active Directory forest and an Office 365 tenant. B Inc has the same on-premises identity infrastructure as A Ltd.

A team of 20 developers from B Inc will work on an Azure solution that will be hosted in the Azure subscription of A Ltd. The developers must be added to the contributor role for a resource in the A Ltd

We have to ensure that A Ltd can assign the role to the 20 B Inc developers.

The solution must ensure that the B Inc developers use their existing credentials to access resources.

Preferred solution:

Configure a forest trust between the on-premises Active Directory forests of A Ltd and B Inc.

What is meant by trust configuration?

Trust configurations: Configure trust from managed forests or domains to the administrative forest. A one-way trust is required from the production environment to the admin forest.

Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.

Reference:

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material
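
A check of the two requirements above (one-way trust, selective authentication) against exported trust records, as an added example that is not part of the original post. It assumes the records are trustedDomain objects read in the production (trusting) forest; the function names and sample values are constructed for illustration.

```python
from enum import IntFlag

class TrustAttr(IntFlag):
    """trustAttributes bits on a trustedDomain object (MS-ADTS)."""
    NON_TRANSITIVE = 0x01
    UPLEVEL_ONLY = 0x02
    QUARANTINED_DOMAIN = 0x04   # SID filter quarantine
    FOREST_TRANSITIVE = 0x08    # forest trust
    CROSS_ORGANIZATION = 0x10   # selective authentication
    WITHIN_FOREST = 0x20
    TREAT_AS_EXTERNAL = 0x40
    USES_RC4_ENCRYPTION = 0x80

# trustDirection values, seen from the domain that holds the object
DIRECTIONS = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}

def audit_trust(tdo):
    """Return findings for one trust record read in the production forest."""
    findings = []
    direction = DIRECTIONS.get(int(tdo["trustDirection"]), "unknown")
    attrs = TrustAttr(int(tdo["trustAttributes"]))
    # Production trusts admin, so production must hold an outbound-only trust.
    if direction != "outbound":
        findings.append(f"direction is {direction}, expected one-way outbound")
    # Without this bit, accounts from the trusted forest are authenticated forest-wide.
    if TrustAttr.CROSS_ORGANIZATION not in attrs:
        findings.append("selective authentication is not enabled")
    return findings

def audit_all(records):
    """Map each trust partner name to its list of findings."""
    return {r["trustPartner"]: audit_trust(r) for r in records}

# Constructed sample records (hypothetical names, values as strings like an LDAP export)
SAMPLE = [
    {"trustPartner": "admin.example", "trustDirection": "2", "trustAttributes": "24"},
    {"trustPartner": "partner.example", "trustDirection": "3", "trustAttributes": "8"},
    {"trustPartner": "legacy.example", "trustDirection": "2", "trustAttributes": "4"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```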





