For simplicity, this diagram only shows the connections directly related to Microsoft Entra ID, and not protocol-related traffic that may occur as part of authentication and identity federation. For example, a web application may redirect the web browser to authenticate the request through Microsoft Entra ID. Once authenticated, the request can be passed back to the web application, with the appropriate identity information.
For additional considerations, see Choose a solution for integrating on-premises Active Directory with Azure.
The architecture has the following components.
An instance of Microsoft Entra ID created by your organization. It acts as a directory service for cloud applications by storing objects copied from the on-premises Active Directory and provides identity services.
This subnet holds VMs that run a web application. Microsoft Entra ID can act as an identity broker for this application.
An on-premises directory and identity service. The AD DS directory can be synchronized with Microsoft Entra ID to enable it to authenticate on-premises users.
An on-premises computer that runs the Microsoft Entra Connect sync service.