The Okta user disconnect from AD is in progress, and while the name of this site and the information presented might make it appear that everything is set in stone, with a clear path ahead to remove Active Directory, the truth is that second thoughts do surface.
For instance:
- What about Wi-Fi access control and other authentication requirements for the office (even though not pressing right this moment with WFH, working from home)?
- What about internal DNS (will we still need it)?
- Will this affect the remaining few servers in any unforeseen way?
- Will there be any other unexpected consequences that we haven’t thought of?
- Did I forget any services that we take so much for granted that I don’t even think of them anymore?
However, then I also remember why we started this process: the dependency on a set of equipment, distributed over 3 sites, that serves nobody at the moment but that can affect employees’ ability to work remotely should it fail.
Another argument is to reduce the amount of equipment, and with it the physical and thermal footprint our remaining servers have: to create a lightweight IT backend that gives us flexibility to work from anywhere, allows for easy office relocations if necessary, and reduces required maintenance and the risk of equipment failure.
There are cloud-based authentication alternatives to AD available, like JumpCloud or SecureW2, and others that I haven’t “stumbled over” yet. I like to focus on cloud-based auth methods to avoid installing/maintaining on-premises directory and/or RADIUS servers. Let’s continue to tackle this.