I'm exploring options for deploying Zero Trust Network Access (ZTNA) for our remote employees so they can connect back to our domain controllers efficiently. We primarily use Windows and don't have a Hybrid Identity setup. Unfortunately, our head office IT, which controls Entra, isn't open to any third-party integrations, which complicates things. I've looked into Cloudflare, but they seem to mandate Entra ID, which I cannot work with. Any suggestions on vendors that support LDAP authentication without relying on Entra?
5 Answers
Getting a higher-up to rally for using existing tools might help, but I get it—HQ’s control can make it tough. Their centralized approach can hinder integrations and it doesn’t sound like they want to deal with extra management.
You might want to look into Tailscale for remote access. It’s not a product in itself, but more of a model. You can set up your ACLs to only allow communication with your DC IPs. Netmaker's another choice where you can join networks with temporary access without needing Entra.
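To make the "only allow communication with your DC IPs" idea concrete, here is an added example of what such a Tailscale ACL policy file could look like. It is not from the answer above or from Tailscale's documentation; the DC addresses (10.0.0.10 and 10.0.0.11, assumed to be advertised by a subnet router), the group name and the user e-mails are all constructed placeholders. The port list is the commonly required set for domain-joined Windows clients (DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, Kerberos password change, Global Catalog, and the dynamic RPC range); confirm it against your own environment before deploying, and keep the default deny for everything else.

```jsonc
{
  // Constructed example: remote staff who are allowed to reach the domain controllers.
  "groups": {
    "group:remote-staff": ["alice@example.com", "bob@example.com"]
  },

  // Everything not listed here is denied by default; there is no "accept *" rule.
  "acls": [
    {
      // Domain-join and logon traffic to the two DCs only, on the AD ports only.
      "action": "accept",
      "src": ["group:remote-staff"],
      "dst": [
        "10.0.0.10:53,88,135,389,445,464,636,3268,3269,49152-65535",
        "10.0.0.11:53,88,135,389,445,464,636,3268,3269,49152-65535"
      ]
    },
    {
      // Also allow the UDP-based services to be reached; the same "dst" form covers
      // both TCP and UDP in Tailscale ACLs, so this rule is listed separately only to
      // document that DNS (53), Kerberos (88) and kpasswd (464) also use UDP.
      "action": "accept",
      "src": ["group:remote-staff"],
      "dst": ["10.0.0.10:53,88,464", "10.0.0.11:53,88,464"]
    }
  ],

  // Optional: let admins verify the policy actually behaves as intended.
  "tests": [
    {
      "src": "alice@example.com",
      "accept": ["10.0.0.10:389", "10.0.0.11:88"],
      "deny": ["10.0.0.10:3389", "10.0.0.50:445"]
    }
  ]
}
```

Two points worth checking in a real rollout: the subnet router that advertises the DC addresses must itself be restricted so it does not become a broad on-ramp into the office network, and the `tests` section is the quickest way to catch an accidental widening of the rules when someone later edits the policy.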
Fortinet's ZTNA might be what you need. It supports direct LDAP authentication with your on-prem AD controllers, and it doesn't need Entra at all. You can either deploy a connector or use FortiGate as the access proxy to manage authentication and policies smoothly. We've had great success with it in setups similar to yours—it skips all the Entra ID requirements!
OIDC is usually the go-to for authentication these days. Have you thought about using an OIDC provider that can work with your AD LDAP? It could really simplify things for your ZTNA and other applications.
Have you checked out Global Secure Access? It might fit your needs well.

Yeah, I've been facing that same issue. Each business unit's essentially on its own, and HQ IT isn’t keen on the extra management. Makes rolling out new solutions a real headache.