With AD Connector, you can streamline identity management by sourcing and managing all of your user identities from Active Directory. It also allows you to reuse your existing Active Directory security policies such as password expiration, password history, and account lockout policies. Also, your users will no longer need to remember yet another user name and password combination. And because AD Connector doesn’t rely on complex directory synchronization technologies or Active Directory Federation Services (AD FS), you can forgo the added cost and complexity of hosting a SAML-based federation infrastructure. In sum, AD Connector helps to foster a hybrid environment by allowing you to leverage your existing on-premises investments to control different facets of AWS.
AD Connector is a dual Availability Zone proxy service that connects AWS apps to your on-premises directory. AD Connector forwards sign-in requests to your Active Directory domain controllers for authentication and provides the ability for applications to query the directory for data. When you configure AD Connector, you provide it with service account credentials that are securely stored by AWS. This account is used by AWS to enable seamless domain join, single sign-on (SSO), and AWS Applications (WorkSpaces, WorkDocs, and WorkMail) functionality. Given AD Connector’s role as a proxy, it does not store or cache user credentials. Rather, all authentication, lookup, and management requests are handled by your Active Directory.