Windows Azure Active Directory & Application Integration Single Sign-On

Windows Azure is growing rapidly on a daily basis, and as more organizations look into reducing business running costs, expanding IT infrastructure and finding new ways to enhance the IT experience for their users, it is important that you keep up to date with this ever-changing world. Cloud application integration with Windows Azure Active Directory is itself growing, and vendors are starting to ensure their services also integrate with Windows Azure Active Directory as more organizations move towards cloud services.

We have seen huge growth in the adoption of cloud services over the past few years. The Office 365 customer base is expanding at a phenomenal rate, and at the same time organizations are also looking into Windows Azure. In this article I wanted to write about a very small portion of Windows Azure, and more specifically Azure Active Directory integration with Google Apps.

I fully understand and appreciate that every organization is different, and that at the moment there are companies out there that have decided to migrate their email service to Google Apps as opposed to Office 365. This could be for many reasons, which I don’t really want to go into as it isn’t relevant for the purpose of this article.

I do know that most organizations are likely to be using Active Directory as their identity provider internally, and may even be looking to branch into Windows Azure to host their corporate website, host a service on a virtual machine in IaaS or maybe even use Azure Media Services. In fact, they may not have even considered it yet, but it is probable that they will synchronize their on-premises identity provider, “Active Directory”, to Windows Azure Active Directory.

If you’re using Google Apps, or have been for some time, you may be using the user provisioning service that is supplied and may never have thought about this. The point I want to make is that no matter what service you use for your organization, as you start branching out into different vendors you will probably find that you either have to implement many different types of identity synchronization tools or, if that is not available, manage separate identities, which can be inconvenient and difficult to manage and control.

So wouldn’t it be great if you could synchronize your on-premises identity provider (Active Directory) to a cloud-based identity provider, “Windows Azure Active Directory”, and then integrate your 3rd party email service, for example in this case Google Apps?… The good news is that it’s possible today to do this with Google Apps and many other 3rd party vendor applications such as Salesforce, Citrix, DropBox for Business and so on. It is something that has been around for some time, and there are some great articles on TechNet which talk you through how to set this up.

https://technet.microsoft.com/en-us/library/dn308590.aspx 

The list is going to continue to grow, and if you are a vendor that has not currently looked into this then I strongly believe that it’s something you should start looking at.

The other great benefit of integrating your 3rd party applications into Windows Azure Active Directory is that you can simply provide your users with what we call an ‘Application Panel’, which pretty much looks like this:

[Screenshot of the Access Panel]

The idea behind this is that your users will sign in to the access panel using exactly the same corporate credentials they use to sign in to their computer on a daily basis, or, if you have Active Directory Federation Services set up, this experience will be seamless (internal to the corporate network). They will then be able to access any of these 3rd party applications at the click of a button and be signed in automatically.

I use Google Apps as a primary example because the services that are provided here are core business applications such as e-mail, storage, collaboration etc., and I know that many organizations use it, but I imagine they still use Active Directory on-premises. So I wanted to make the point that as you expand your business out into different cloud services, I think it is important that you think about your identity and authentication platforms now, and provide your users with a seamless experience going forward.

I just want to cover now how to get started, but it’s going to be very brief as there are fantastic articles over on TechNet that provide clear tutorials on how to achieve this (a rewrite is not required). :-)

-----

Windows Azure Active Directory enables easy integration to many of today’s popular software as a service (SaaS) applications; it provides identity and access management, and delivers an Access Panel for users where they can discover what application access they have and can use single sign-on (SSO) to access their applications.

If you are already using Microsoft Office 365 then you will already have a Windows Azure Active Directory present, so when you sign up for Windows Azure, ensure that you sign up with your Organizational Account, which will then automatically show the Azure AD that was created with Office 365. The great thing about this is that if you have already configured directory sync + password sync, or even gone down the avenue of implementing Active Directory Federation Services, then there is not much more you have to do apart from adding cloud apps to your directory and configuring them for your SaaS applications.

If anyone has any questions regarding this, be sure to ping me! I’m more than happy to discuss this further and also hear your thoughts.

Enjoy!

James.