In previous article I explain the difficulties had on “cloud” to extend organization’s identity management. Therefor most of the applications, services on cloud used to have their own identity stores.
With Windows Azure AD, it allows to extend the local infrastructure identity management to the cloud seamlessly to allow users to get self-service capabilities and single-sign-on access. So end users no need to worry about the way they can access organization’s resources, services etc. or where it’s located (on-premises or cloud).
In before when deal with identity management in hybrid cloud setup, most of time you need to “replicate” the setup on cloud and on-premises in order to get them work with proper access control. But Azure AD allows to “sync” with existing system and allows to control access management in central location.
Windows Azure Active Directory provides centralized identify management for office365, windows intune, over 1000 SaaS applications. Not only that it provides techniques, tools to integrate your own cloud-based application or services. It also allows to “sync” with in-house active directory environment using “DirSync” and AD FS (Active Directory Federation Services) features.
Currently there is 3 versions of Windows Azure Active Directory.
Free – Free edition allow you to sync with in-house active directory environments, get SSO with Azure services and thousands of Saas applications.
Basic – This version gets all the features of free version plus group-based access management, self-service password reset, windows azure active directory application proxy to publish on-premises web applications in to cloud. It also includes enterprise level SLA which guarantee 99.9% uptime.
Premium – This version includes all the features of free and basic versions plus self-service group management, security reports and alerts, multi-factor authentication and Microsoft identity manager (MIM).
You can get more info from following nice video.
Major benefits of WAAD
1. Centralized identify management – You can manage logins for AD or WAAD from any remote location and from any device.
2. Advanced Access Control – you can set rules to control the access to cloud application and resources based on users, devices, locations etc.
3. Single-Sign-On (SSO) – Provides SSO for cloud, on-premises resources and applications. It also supports for thousands of SaaS applications available in market.
4. Application Proxy – we can allow external user access to applications published via in-built AD application proxy. Its access can control via rules and policies according to company requirements.
5. Advanced Reporting – It provides daily usage reports, access reports. It also allow to use custom reporting based on azure Ad reporting API.
This is the end of the post and in next post lets see how to setup WAAD. If you have any question about the post, feel free to contact me on firstname.lastname@example.org
Image source: http://files.channel9.msdn.com/thumbnail/4ac52e5b-b3ac-4fbd-bbc7-bd4bae8403da.png