February 28, 2024

How does Scalefusion Enable Secure Access to an Organization’s On-Premise Microsoft Active Directory

December 13, 2021

Today's business world relies heavily on remote working. Whether we consider dispersed teams working from home or on-field teams working from diverse remote locations, technology plays a vital role in streamlining remote operations. Workplace flexibility has become common and cloud-based deployments are the new normal. Considering the wide range of benefits that the cloud platform extends to its users, businesses all over the globe prefer cloud-based deployments.

However, even though a majority of processes are taken over by the cloud, businesses still have some resources that are hosted on their in-house servers, which are not openly available on the web. These resources, for example, the Microsoft Office Suite, are known as ‘on-premise’ resources. How do businesses that operate heavily with a cloud-based environment access their on-premise resources? The answer is, with an ‘on-premise connector’.

What is On-Prem Connector (OPC)?

The On-prem Connector is a medium that enables a secure connection between the MDM dashboard and the organization’s on-premise resources such as the Microsoft Active Directory, MS Exchange and more. With the surge in enterprise mobility, businesses have shown an increase in the adoption of Mobile Device Management (MDM) solutions. Scalefusion is one such popular MDM solution that enables IT admins to access an organization’s on-premise Microsoft Active Directory, straight through its dashboard with its ‘On-premise connector’.

Microsoft Active Directory is an on-premise tool that stores sensitive employee information and is not accessible over the internet. It helps an enterprise’s IT admins to manage permissions better and streamline access to a company’s network resources such as user groups, hardware, applications and more. 

What is the purpose of Scalefusion On-Premise Connector?

The Scalefusion On-Prem Connector offers a simplified way to securely connect with an organization’s on-premise Active Directory. Let’s look at some of the applications that can be achieved with this connectivity.

IT Admins can import AD users / User Groups on Scalefusion Dashboard and enroll them to Scalefusion.

IT Admins can set up AD-based access to Scalefusion Dashboard which means the admins can sign in to Scalefusion Dashboard with AD credentials.

Once users/groups are imported, their devices can be enrolled as BYOD on all platforms, viz. Android, Windows, iOS and Mac.

How does the Scalefusion On-Prem Connector work?

For the on-prem connector to successfully connect and share the information between the MDM dashboard and the On-prem connector instance, the connection request needs to be established from the Scalefusion dashboard. This creates an authorized connection to access the on-premise Microsoft Active Directory.

The OPC acts as a mediator between the Scalefusion dashboard and the on-premise resource, relaying the necessary information back and forth. Furthermore, the data being transferred stays completely secure and is encrypted with session keys, which ensures that sensitive information is not leaked.

However, to set up the OPC with Scalefusion, IT admins need to fulfill some basic prerequisites: a Scalefusion Enterprise License, a regular Scalefusion account (neither a G-suite account nor an Office 365 account) and write access with account ownership/co-ownership.

The communication between Scalefusion and the on-prem connector takes place in one of two ways: either via a reverse proxy or directly.

1. Via reverse proxy: The Web Server / Reverse Proxy must have a valid public DNS name with a valid TLS/SSL certificate issued by a publicly trusted Certificate Authority. The diagram below explains this scheme.

One of the Scalefusion dashboard servers initiates a secured HTTPS connection over port 443 to the on-prem URL.
The request is then received by the on-premise web server/reverse proxy.
The on-premise web server/reverse proxy passes on the request using a regular HTTP connection over port 28767 to the machine that hosts the on-prem connector.
The on-prem connector uses the LDAP connection over port 389 (configurable) to the MS Active Directory.
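
The reverse-proxy hop in the steps above, sketched as an nginx server block. This is an added example, not configuration published by Scalefusion; nginx itself, the host name opc.example.com, the internal address 10.0.0.20, the certificate paths and the commented-out source range are all assumptions chosen for illustration.

```nginx
# Added example: TLS termination on 443, plain HTTP to the connector on 28767.
# Placeholders (assumptions, not from the article):
#   opc.example.com  public DNS name of the reverse proxy
#   10.0.0.20        internal machine hosting the on-prem connector

server {
    listen 443 ssl;
    server_name opc.example.com;

    # Certificate and chain issued by a publicly trusted CA, as the
    # prerequisite above requires. A self-signed certificate would not meet it.
    ssl_certificate     /etc/nginx/tls/opc.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/opc.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Optional source restriction. 203.0.113.0/24 is a documentation
        # range used as a placeholder; substitute the dashboard's source
        # addresses only if your vendor documents them.
        # allow 203.0.113.0/24;
        # deny  all;

        # Step 3: forward the request over regular HTTP to port 28767.
        proxy_pass http://10.0.0.20:28767;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Because the hop from the proxy to the connector is unencrypted HTTP, keep it on an internal network segment and let the connector host accept port 28767 only from the proxy's address.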


2. Direct connection with OPC: The machine hosting On-Prem Connector must have a static public IP address or public DNS name. The diagram below explains this scheme.

One of the Scalefusion dashboard servers initiates a regular HTTP connection over port 28767 to the machine that hosts the on-prem connector.
The on-prem connector uses the LDAP connection over port 389 (configurable) to the MS Active Directory.


As the corporate world is driven towards a cloud-based environment, most of the tools and resources used by employees in organizations are available on the internet. For the on-premise MS Active Directory, which holds sensitive business and employee information, the Scalefusion On-Prem Connector is the ideal way to provide access in an encrypted manner.

Schedule a free live demo here – https://scalefusion.com/book-a-demo and get all your questions answered.

Staff writer
