1 Reply Latest reply on Mar 5, 2018 3:57 AM by plazz

    Allow SaaS Service manager access to on prem AD environment


      Hi Community members


      My organisation is about to embark on the iVanti service manager SaaS version. We currently setting up a Staging environment for this.


      There's a couple of things we need to setup to allow Service manager to operate properly.


      • Access to on premise Active Directory environment (based on AD Windows 2008 R2)
      • SCCM integration
      • Outgoing email to on premise Exchange 2010 environment


      We use ADFS 3.0 (active directory federated services) and we also have a Web Application Proxy in our DMZ to allow access to on premise services externally. We also use Azure AD to sync our on premise AD into the Azure cloud.


      Service manager supports ADFS so we have set this up to allow SSO as well as federated access however this doesn't solve the problem of the import of active directory objects (users) into service manager. The notes I have seem that we need to allow access to our on premise Active directory environment either allowing the ports through our corporate firewall or use a VPN connection, either options we are not comfortable with from a security standpoint.


      Our preferences would be to either:


      • Use of Azure AD and allow service manager to connect to our Azure active directory
      • Allow Active Directory access securely using our WAP in the DMZ but I don't think this option is possible
      • create a Read only Domain controller, put this in our DMZ and then allow service manager to connect only to this server for import purposes.


      I am interesting in knowing how other organisations have allowed this securely. If either of the above options have been used I would be interested to know how you achieved it.


      Many Thanks