Design authentication and authorization solutions

Requirements

Tailwind Traders is doing very well and is expanding their workforce. They have successfully acquired an online retailer in the sports apparel space. The company has also located a partner to outsource marketing literature. Tailwind Traders is using Azure Active Directory for user and group accounts. Here are two specific initiatives the IT department would like you to help with.

New user accounts

  • The online retailer acquisition will add 75 employees to Tailwind Traders. All the new users have on-premises Active Directory Domain Services accounts in the retailer’s existing domain.

  • The new marketing partner will initially have 15 employees who will need corporate access. These employees already have Azure AD accounts in the partner’s AAD tenant.

  • The new employees are located at various geographic locations and will need account privileges for their new job roles. Some changes to existing employee roles are expected.

  • The IT department wants to take this opportunity to include new identity security features.

New application access

  • The business development team has an application running on an Azure VM and data stored in an Azure SQL database. They need to securely allow the VM to query the Azure SQL database.
  • They also need an on-premises server to be able to securely access the SQL database without storing credentials in the application code or configuration files.

Tasks

New user accounts

  • Diagram the process for bringing in the acquired user accounts.

  • Diagram the process for adding the new partner accounts.

  • For the above requirements, be sure to include any tools that will be used. List at least three benefits of your suggested solution.

  • Provide at least three recommendations for improving Tailwind Traders user identity solutions. Rank the recommendations in order of importance. Include your reasons for making these suggestions.

New application access

  • Provide an access solution for the business development application.

  • Provide an access solution for the on-premises resources.

How are you incorporating the Well-Architected Framework pillars to produce a high-quality, stable, and efficient cloud architecture?