With version 7.1, the One Identity Active Roles solution has expanded its scope to cover both on-prem AD (as it has always done) and Azure AD. Here’s an explanation of how it works.
The ADSI Provider serves as the interface between the Active Roles Web UI and the Active Roles Service. Through it, one side of the provider can consume the services offered by the Active Roles Service, including all additional capabilities offered by the new Azure Service Provider.
It is important to remember that the ADSI Provider is used not only by the Web interface, but also by the Active Roles SDK, the SPML Provider and the Management Shell. By extending support through the stack, we can ensure that as new capabilities are introduced, they can be extended and surfaced end to end. Administrators who choose to can then incorporate new features and capabilities in any site-specific customisations, scripting or integrations, as well as within many of the native capabilities of the product.
The Active Roles Azure Service Provider employs the Graph API to communicate with Azure Active Directory and Office 365 wherever possible. Graph is an API which is in development, with new capabilities in beta and yet more apparently on the drawing board. Active Roles leverages only the GA aspects of Graph, and will seek to address the gaps which exist within Graph today through use of PowerShell cmdlets. As the Graph API evolves, Active Roles will adopt its extensions and new capabilities release by release.
The Active Roles Service does not cache user-instigated changes, but instead commits those changes immediately to Azure Active Directory and Office 365, working alongside synchronization options like Azure AD Connect, when present. Microsoft best practice stipulates the requirement for connectivity using Azure AD Connect, and Active Roles will coexist and collaborate with such tools, ensuring that all changes are properly committed in such a way that the latent synchronization tools gracefully skip any changes interactively performed by the Active Roles Azure Service Provider.