Azure AD Services is supposed to be able to do some LDAP stuff. Switching that on and connecting it to Zammad might work for provisioning employee accounts. Depending on how you set things up, your provisioned/synced employee accounts could be populating a user field synced over from LDAP. As long as external customers don’t populate that field, you’d have a way to tell them apart. Another option might be to have the LDAP sync assign a custom role created for internal folks.