Step 2: Connecting to user source
- Maarten Meijer
In order for Skype for Business to function, users are needed that serve as an object for the Skype user. The source of this user object may differ. It is possible to choose three different sources.
Delivering users from an existing Active Directory
Setting up an Active Directory within the SoftApp environment
Adding the users within the SoftApp Active Directory
Every source has advantages and disadvantages that need to be considered. In addition, each source also differs in structure. As you can see in Figure 1.
figure 1
Which source suits your situation?
When considering the source of users, you must take into account the limitations per source and the current infrastructure.
Own Active Directory
If you have an Active Directory in use, we can connect it by means of a two-way forest trust with the Active Directory of SoftApp distribution. You can find more information about the two-way forest trust on technet . For this set-up a VPN has to be set up between the two locations in order for the traffic to pass. Through the Trust it is possible for the SoftApp environment to create a user interface. This is done by means of a disable account in the SoftApp environment that makes an object reference to your own Active Directory. The login process will then refer to the active account in your own environment.
Benefits | Cons | Implications |
|---|---|---|
Users remain in-house | VPN connection must be stable | DNS reference to SoftApp distribution within domain |
Linking to existing infrastructure | Users can not be added from a portal |
|
Single sign-on experience (users are equal to Office 365) | Trust must be two-way for adding users |
|
| More complex set-up |
|
Active Directory delivered from SoftApp distribution
In case the users are only created in Office 365 (cloud users) and there is a need for a Single Sign-On experience then a local Active Directory has to be set up that is linked to Office 365 through Azure Active Directory Sync. With this software the users are synchronized with your cloud environment. This synchronization is one-way. This means that changes can only be made in the Active Directory. As a result, users who are in the Active Directory and are synchronized can no longer change their password in Office 365 * or can be edited in the Office 365 administration panel. This is possible from the portal that offers The Voice of O365.
Benefits | Cons | Implications |
|---|---|---|
No own maintains to server | Synced users can no longer be edited from Office 365 | Edit, add and delete users from portal |
Single sign-on experience (users are equal to Office 365) | Active Directory is only accessible for SoftApp distribution |
|
Users can be added in the portal | Users can no longer change their password in Office 365 * |
|
Easy to set up | Passwords are reset once to a new password. |
|
* Possible with Azure Active Directory Premium P1 and P2 (see Active Directory Editions )
Added to SoftApp distribution Active Directory
A user can also be added in the Active Directory of SoftApp distribution. In this case, an enabled user is created in our own domain with the UPN of the customer. The UPN is the User Principal name, which is the login account of the user. This can be, for example, user@contoso.com . This simply log in with your own data without seeing a reference to SoftApp. It is possible that certain devices expect a Sign-In name in the format domain \ username. Then you will see on the spot of domain SOFTAPP with a random sequence of characters at the location of the username.
Benefits | Cons | Implications |
|---|---|---|
Easy to set up | No single sign-on experience | Users in office 365 are not equal to Skype for Business users (are independent of each other) |
Users can be managed from the portal |
|
|