What are the best practices for integrating with Active Directory in a mixed intranet/extranet scenario with Office 365?
https://support.okta.com/help/answers?id=906f0000000i0kriak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Rick Roth

What are the best practices for integrating with Active Directory in a mixed intranet/extranet scenario with Office 365?

Given an existing environment where Active Directory already is the login for employees to Office 365, what would be the best practices for also allowing external (non-employees) access to the organization's Office 365 environment using Okta?

One idea being kicked around is to use Universal Directory as the master data store for extranet users and to replicate those users into Active Directory for Office 365 access.

Can this also be done programmatically? For example, can we write code to do this as part of a web site registration process and have the user data upserted into both Universal Directory and Active Directory?

I am not convinced this is the correct approach, and am open to suggestions.
Best Answer chosen by Niki (Okta, Inc.) 
James Garvin (Okta)
  • One idea being kicked around is to use Universal Directory as the master data store for extranet users and to replicate those users into Active Directory for Office 365 access.
That is a possibility. You can create the user in Okta and then have them provision into AD or potentially leave them as Okta Mastered, if you are using Okta to provision into O365 or you haven't federated with WS-Fed to O365, that is, you are using SWA.
  • Can this also be done programmatically? For example, can we write code to do this as part of a web site registration process and have the user data upserted into both Universal Directory and Active Directory?
     
Yes!  Okta has a RESTful API.  http://developer.okta.com/docs/api/getting_started/design_principles.html

You could create a customized portal with some sort of self-registration and, using the Okta APIs, it would create the user in Okta and allow the user to authenticate to Okta via the portal, if you wish.
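The server-side step of such a registration portal, as an added example that is not code from this thread or from Okta: it validates the submitted form and builds the Users API create-user call. The org URL, employee domain, group id and function names are assumptions chosen for illustration.

```python
import json
import re
import urllib.request

# Assumptions (placeholders, not from the thread): org URL, domain, group id.
OKTA_ORG = "https://example.okta.com"
EMPLOYEE_DOMAINS = {"corp.example.com"}   # namespace mastered by Active Directory
EXTRANET_GROUP_ID = "00gEXAMPLEGROUPID"   # group that scopes extranet provisioning
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def validate_registration(form):
    """Return a cleaned Okta profile, or raise ValueError on unsafe input."""
    email = form.get("email", "").strip().lower()
    if not EMAIL_RE.match(email):
        raise ValueError("invalid email")
    domain = email.split("@", 1)[1]
    if any(domain == d or domain.endswith("." + d) for d in EMPLOYEE_DOMAINS):
        # Employee identities come from AD; the portal must not mint one.
        raise ValueError("employee domains cannot self-register")
    profile = {"email": email, "login": email}
    for key in ("firstName", "lastName"):
        value = form.get(key, "").strip()
        if not value or len(value) > 50 or not value.isprintable():
            raise ValueError(f"invalid {key}")
        profile[key] = value
    return profile


def build_create_user_request(form, api_token):
    """Build (not send) POST /api/v1/users for a validated registrant."""
    body = {"profile": validate_registration(form),
            "groupIds": [EXTRANET_GROUP_ID]}
    # activate=true with no credentials: Okta emails an activation link,
    # so the portal never handles the user's password.
    return urllib.request.Request(
        f"{OKTA_ORG}/api/v1/users?activate=true",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"SSWS {api_token}",  # token stays server-side
                 "Content-Type": "application/json",
                 "Accept": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample form; send with urllib.request.urlopen(req, timeout=10).
    sample = {"email": "pat@partner.example.org",
              "firstName": "Pat", "lastName": "Lee"}
    req = build_create_user_request(sample, "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
```
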