Please advise on best practice for a current problem we are facing.
Summary of our environment:
Active Directory based on 2008 R2
Active Directory Federated Services ADFS 3.0 Server 2012 R2
Web Application Proxy externally facing (DMZ) Server 2012 R2
We have Enterprise Mobility Suite and can utilise Azure Active Directory via Azure AD Connect.
We have bought into a SaaS solution from the vendor Ivanti to supply us with an IT Service Management tool. The application requires the ability to leverage our on-premises Active Directory; however, our AD is not externally facing, and for security reasons we are not able to expose AD through firewall rules or a dedicated VPN.
We need another way to be able to publish AD to this SaaS solution.
We currently sync our on-premises AD to Azure via Azure AD Connect, and we want to ask whether we can leverage this, or whether we can use ADFS/WAP to securely make our AD available to this SaaS offering.
We currently have ADFS set up for authentication/SSO, but this doesn't solve the problem of importing AD objects. It needs AD to be synced to the Ivanti cloud solution.
This is a real challenge for us. Any support or best-practice suggestions that could be recommended would be appreciated. In summary, we want an external solution to tap into AD to perform a read-only LDAP/LDAPS import.