Architecture
Adaxes is a standalone software solution that acts as a proxy between users and your on-premises AD, Azure AD, Exchange, and Microsoft 365. This means native tools remain in place, so if you need to, you can always revert to using them and access your environment directly, the same way as before.
All the Adaxes magic, such as automation rules, approval-based workflows, role-based permissions, data standards enforcement, etc., is applied only when operations are executed through Adaxes. This means Adaxes can co-exist with other solutions like HR or payroll systems that directly interact with AD, Exchange, or Microsoft 365, without affecting these systems in any way.
No directory pollution
Adaxes does not pollute your on-premises AD or Azure AD in any way. It doesn't store any of its data in your directory, doesn't change native permissions, and doesn't extend the schema.
Cross-domain management
Adaxes can manage as many domains as you need. Both on-premises AD and Azure AD domains are supported. In fact, Adaxes blurs the line between on-prem AD and Azure AD - objects scattered around different cloud tenants and different on-prem forests with no trust relationships can be managed from the same place in the same fashion. The same automation rules, approval workflows, scheduled tasks, etc. can be applied across your entire environment.
All operations in managed domains are executed via service accounts: a Windows Service Account for on-premises domains and an Azure application account for the cloud. This allows you to centrally delegate rights via Adaxes and enables users from one domain to perform operations in other, totally unrelated domains.
Load balancing and fault tolerance
You can set up multiple Adaxes service instances that share common configuration. This enables you to distribute the load across multiple servers and provides a failsafe mechanism - if one Adaxes service goes down, others will be there to handle its workload. The same goes for the Web interface. Multiple instances can be placed behind a load balancer for an optimal browsing experience.
Extensibility
Adaxes doesn't limit you to just what's provided out-of-the-box. You can extend and customize the built-in functionality to exactly match the specific needs of your organization.
It is possible to supplement automated workflows with your own scripts to cover any scenario. On top of that, Adaxes has multiple APIs that enable you to create integrations with third-party software or develop custom clients for Adaxes. For more details, see Adaxes SDK.
Communication encryption
With Adaxes, there are no security compromises. All communications between the Adaxes service and Adaxes clients (Administration console, Web interface, etc.) always use an encrypted channel.
Security-sensitive communications between the Adaxes service and an on-premises Active Directory use LDAPS or Kerberos encryption, and you have the option to enable LDAPS for all communications. Other systems, such as Azure AD, Exchange, and Microsoft 365, use encrypted channels at all times.
Secure public access
The Adaxes Web interface can be exposed to the Internet by placing it in the DMZ while having all other components installed in the internal network. To secure user access to the Web interface, you can enable SSL for all communication between the Web interface and the users' web browsers. Even if SSL is not enabled, all security-sensitive data sent by users to the Web interface is encrypted with 1024-bit RSA.
To prevent possible brute-force attacks on your directory through the publicly exposed Web interface, Adaxes provides a robust brute-force protection mechanism.