Azure – use Office365 or Azure AD as master record for Active Directory

Tags: azure, microsoft-office-365, single-sign-on

We have a small business and currently don't have a need for a domain within our office. We have a basic network and a single server running Windows Server 2008 R2 with some file shares and 3rd party apps.

We use Office 365 and have a Windows Azure subscription. The two seem to be keeping the Active Directory for our organisation in sync pretty well. (i.e. The data looks the same on both systems)

All of the third party apps we run on our app server support LDAP as an identity provider, but because we don't run a domain we are having to get each user to create a new login/password for these services.

Ideally we'd like to get this server to sync from Azure/Office 365 and allow users to then authenticate using their Office365 credentials.

All of the literature I have found talks about synchronising FROM on-premise to Azure, but we'd like to rather sync FROM Azure/Office 365 to our on-premise server. I guess our on-premise server becomes a federated identity provider for our Office 365 directory…

Is this possible or do we need some 3rd party LDAP provider that can federate identities from Azure or Office 365?

Best Answer

Short answer: No. However, like @Nathan-C described, you can stand up the required services using Azure IaaS (either DC+DirSync+ADFS or DC+DirSync w/pwd sync) in order to achieve single sign-on between your Office365 apps and your on-prem apps. You would need to deploy a VPN link between Azure and your local network.

Azure AD is NOT "regular" Active Directory.