This scenario is suitable if you have Identity Manager servers installed on two separate eDirectory trees, where one tree belongs to the Azure cloud and the other tree belongs to the enterprise network. This configuration uses the eDirectory driver to synchronize identities between the Azure cloud and the enterprise network through a VPN connection. The Identity Manager server running in each environment (the enterprise network or the Azure cloud) synchronizes the identities across its own connected applications.
Figure 25-2 Hybrid Scenario Using eDirectory Driver Connection
The communication between the Azure cloud and the enterprise network is limited: only the delta changes are synchronized. You can control which attributes are synchronized by configuring the driver filter. You can also use the policy engine to define additional controls for synchronizing attributes. For example, you can prevent the password attribute from synchronizing and allow users to use different passwords to access Identity Manager servers from the Azure cloud and the enterprise network.
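One way to check that a driver filter keeps the password attribute from crossing between the two trees is to audit an exported copy of the filter; the script below is an added example, not part of the product documentation. It assumes the export uses the `filter` / `filter-class` / `filter-attr` layout with `publisher` and `subscriber` settings, and the sample filter and the list of restricted attribute names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample filter (not taken from a real driver). Assumed layout:
# <filter>/<filter-class>/<filter-attr> with per-channel publisher/subscriber settings.
SAMPLE_FILTER = """
<filter>
  <filter-class class-name="User" publisher="sync" subscriber="sync">
    <filter-attr attr-name="Surname" publisher="sync" subscriber="sync"/>
    <filter-attr attr-name="nspmDistributionPassword" publisher="ignore" subscriber="sync"/>
    <filter-attr attr-name="Telephone Number" publisher="ignore" subscriber="sync"/>
  </filter-class>
  <filter-class class-name="Group" publisher="ignore" subscriber="sync">
    <filter-attr attr-name="Member" publisher="ignore" subscriber="sync"/>
  </filter-class>
</filter>
"""

# Assumed names of attributes that must stay local to each tree; adjust to your policy.
RESTRICTED = {"nspmdistributionpassword", "password", "userpassword"}


def audit_filter(xml_text, restricted=RESTRICTED):
    """Return (class, attribute, channel, setting) for every restricted attribute
    whose channel setting is anything other than "ignore"."""
    findings = []
    for cls in ET.fromstring(xml_text).iter("filter-class"):
        for attr in cls.iter("filter-attr"):
            name = attr.get("attr-name", "")
            if name.lower() not in restricted:
                continue
            for channel in ("publisher", "subscriber"):
                # A missing setting is treated as "ignore" (assumption of this script).
                setting = attr.get(channel, "ignore").lower()
                if setting != "ignore":
                    findings.append((cls.get("class-name"), name, channel, setting))
    return findings


def synced_attributes(xml_text):
    """List each (class, attribute) pair not set to "ignore" on both channels,
    i.e. the attributes that can appear in traffic over the VPN link."""
    return sorted(
        (cls.get("class-name"), a.get("attr-name"))
        for cls in ET.fromstring(xml_text).iter("filter-class")
        for a in cls.iter("filter-attr")
        if (a.get("publisher", "ignore"), a.get("subscriber", "ignore")) != ("ignore", "ignore")
    )


if __name__ == "__main__":
    for finding in audit_filter(SAMPLE_FILTER):
        print("restricted attribute not ignored: %s.%s on %s channel (%s)" % finding)
```

The check covers the filter only; controls defined through the policy engine have to be reviewed separately.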