In my last blog post I talked about how Centrify User Suite provides a superior alternative to Microsoft’s DirSync for Office 365 provisioning. I discussed how DirSync (#1) requires additional hardware and software and is complex and difficult to set up, and (#2) does not handle license management. In this blog post I will give some additional reasons why Centrify is the best choice for Office 365 identity.
#3 Syncing from multiple AD forests requires a custom FIM implementation
An Active Directory topology consisting of multiple forests is common in modern enterprises. Perhaps this is due to M&A activity, LOB realities or geographic convenience. This Active Directory feature is not currently supported by DirSync, which only syncs AD data from a single AD domain in a single AD forest. For organizations that have multiple domains or forests, a full Forefront Identity Manager (FIM) implementation is required at this time. The potential complexity of implementing FIM and related components and infrastructure can often dwarf the cost and complexity of the rest of the project.
Centrify is the innovative leader in extending Active Directory to non-Microsoft native environments. We currently support 450+ operating systems, Macs, mobile devices and thousands of on-prem, cloud and mobile apps. Centrify understands Active Directory as well as anyone in the industry and, as such, automatically supports multiple domains and trusted forests without additional tools or infrastructure as part of the cloud proxy service.
#4 Mapping internal with external domains isn’t supported by DirSync
Another common scenario is an organization whose AD domain doesn’t exactly match its email domain. For now DirSync is limited to supporting only matching domain names and UPNs for syncing users from AD to Office 365. This forces an organization either to refactor its users in AD or to implement custom FIM solutions. In contrast, Centrify supports automated domain mapping and has a simple scripting option for supporting local, different or child domain mapping.
#5 Flexibility and options for syncing AD changes
Flexibility is essential to ensuring that your projects are successful and complete on time, and to reducing stress and uncertainty. DirSync is typically an all-or-nothing, batch-oriented sync tool. This inflexibility leads to integration and rollout challenges. Centrify supports the same sync modes that DirSync provides, and adds flexible options to selectively sync users or groups or to sync as AD objects change. A preview report also provides insight into potential issues or problems before sync.
Vive la différence!
So those are 5 major differences between DirSync and Centrify. Hopefully, as you have seen from this blog post, DirSync/FIM and Centrify offer different approaches to Active Directory synchronization and user provisioning for Office 365. Clearly DirSync offers a more limited and on-premise-centric approach while Centrify offers a more cloud-based approach with greater flexibility. In addition, the goal of Centrify is to offer a more out-of-the-box experience for integrating with third-party SaaS apps and with mobile devices than what ADFS/DirSync/FIM offers.
DirSync may be appropriate for some customers (e.g. if they don’t really want to use AD as the authoritative source for identity and simply want to sync their password hashes to Azure AD), and in other cases Centrify may be a better choice. My goal here was simply to lay out the facts and let the customer decide which is best between the two, especially as most Office 365 customers will want to know which options to consider.
As we mentioned in our earlier blog post, clearly Microsoft needs to offer something in this area known as “Office 365 identity,” and their answer is ADFS and DirSync, but given that one size rarely fits all, it does not mean that this offering is perfect for every customer of Microsoft. Centrify makes an Office 365 deployment easier and can deliver a better user and IT experience, which is the most important value to Microsoft and, even more important, to its customers, and it does so without introducing ADFS and DirSync/FIM as a new piece of on-premise software that needs to be scaled, managed and maintained. Moving forward, the good news is that Microsoft is looking to evolve DirSync, and Centrify will continue to look to further complement and add value to it while providing its own unique and complementary approach that customers should consider when looking for federated identity and user provisioning for Office 365.