Last week I was in Munich, attending a Microsoft partner event, and I also delivered a track on Azure AD called “Azure AD, the door to the future”. So I was thinking of writing down a brief summary of the content I delivered on Azure AD.
But it’s not possible to jump directly to Azure AD without spending some words on the modern workplace, since Azure AD is just a technical answer to the challenges IT administrators face nowadays. Ten years back, the workplace was straightforward. Users came into their office, logged in to their PC and worked. In the evening they shut everything down and went home. Nowadays it’s different, since users are very mobile. They don’t simply work from their desk. Instead, users are now working from places that were difficult to imagine a few years back, like bars, trains, hotels and, of course, their homes. Not only are users physically mobile, but they also use a vast palette of devices to accomplish work-related tasks. If the IT department doesn’t offer devices, users will bring them themselves. In these circumstances, mobility is no longer about physical movement, but about the mobility of the entire experience.
Furthermore, users use a vast range of apps in their day-to-day work. And to be honest, users also use a lot of third-party SaaS apps to accomplish their tasks. Most IT departments wanted to improve the user experience and tried to integrate all these apps into their IT infrastructure in some way, in order to prevent the leak of corporate information.
So we have mobile users, with a lot of devices, accessing corporate applications and also third-party apps. From an identity management point of view, this leads to total chaos!
We have way too many point-to-point connections, and this is a nightmare both for end users and IT administrators. For end users because they have to remember a different set of credentials for every application, and for IT administrators because they have to manage each user identity throughout its lifecycle. The first answer to this was the use of different brokers, like ADFS or other implementations of the SAML 2.0 protocol or, in modern days, OAuth. This resolved the challenge for end users, since they now had an SSO experience, but the challenge for IT administrators remained, since they still had to manage all the interfaces, or relying parties, to use the ADFS terminology.
And here is where Azure AD comes into play! Azure AD is also a broker, but a very special one. Why? Because with Azure AD, IT administrators have to manage only one point-to-point connection, which is the Active Directory synchronisation, and Azure AD manages all other SaaS application integrations on its end. Since Azure AD is pre-integrated with more than 2400 SaaS apps, you just have to synchronise your identities and the rest is done by Azure AD. But even more, you can easily manage which users should have access to which SaaS applications, with what credentials they log in, and so on.
But Azure AD is not here only to help you with SaaS apps. You can also grant access to your on-premises apps by using Azure Application Proxy together with Azure AD. Azure Application Proxy is available with the Azure AD Premium license and allows you to publish your on-premises apps so that users can use them even when they are not on your corporate network. You just have to install an Azure Application Proxy connector on premises, and Azure AD pre-authenticates your users. The connector opens just one outbound connection from your infrastructure towards Azure, which means you won’t need to make any inbound firewall adjustments. The only thing is that you should install the connector somewhere on your network where the name of your app is discoverable by DNS.
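The two conditions just described (the app name must resolve via DNS from the connector host, and the connector only needs outbound connectivity to Azure) can be checked before installing a connector. The script below is an added example, not part of the original post or of Microsoft's tooling; the internal hostname, port and the Azure endpoint are assumptions you would replace with your own values.

```powershell
# Added example: pre-installation checks for an Azure Application Proxy connector host.
# Assumptions: the connector will be installed on the machine running this script,
# the published app listens on $internalAppHost:$internalAppPort, and outbound HTTPS
# to Azure AD is required (the endpoint below is an assumed placeholder).
$internalAppHost  = "intranet.corp.example"        # assumed internal hostname of the published app
$internalAppPort  = 443                            # assumed backend port
$azureEndpoints   = @("login.microsoftonline.com")  # assumed outbound endpoint to verify

function Test-ConnectorPrerequisites {
    $ok = $true

    # 1. The app name must be discoverable by DNS from the connector host.
    try {
        $dns = Resolve-DnsName -Name $internalAppHost -ErrorAction Stop
        Write-Host "DNS OK: $internalAppHost -> $($dns.IPAddress -join ', ')"
    } catch {
        Write-Warning "DNS lookup failed for $internalAppHost : $($_.Exception.Message)"
        $ok = $false
    }

    # 2. The connector must be able to reach the backend app on its port.
    $backend = Test-NetConnection -ComputerName $internalAppHost -Port $internalAppPort -WarningAction SilentlyContinue
    if ($backend.TcpTestSucceeded) {
        Write-Host "Backend reachable on $internalAppHost`:$internalAppPort"
    } else {
        Write-Warning "Backend NOT reachable on $internalAppHost`:$internalAppPort"
        $ok = $false
    }

    # 3. Only an outbound connection towards Azure is needed; no inbound rule is opened.
    foreach ($endpoint in $azureEndpoints) {
        $probe = Test-NetConnection -ComputerName $endpoint -Port 443 -WarningAction SilentlyContinue
        if ($probe.TcpTestSucceeded) {
            Write-Host "Outbound 443 to $endpoint OK"
        } else {
            Write-Warning "Outbound 443 to $endpoint is blocked; the connector cannot register"
            $ok = $false
        }
    }

    return $ok
}

if (Test-ConnectorPrerequisites) { "Host is ready for the connector" } else { "Fix the warnings above first" }
```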
So we have a lot of devices, we have Azure AD as a smart broker, we have SaaS apps and we have the possibility to also use Azure AD to grant access to on-premises apps. Something is still missing from this panorama. Nowadays, almost any business is about collaboration with other partners. So there are scenarios where users from Company A need to log in to applications owned by Company B and vice versa.
Fortunately, Azure AD comes with an answer to this challenge, and the answer is: Azure AD B2B. This is a pretty new service that allows you to easily grant external users access to your apps by uploading a CSV file. Those users are created as guests in your Azure AD, and they will be able to log in to your application using their own credential set.
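The same CSV-driven guest onboarding can be scripted instead of done through the portal upload. This is an added example, not from the original post: it assumes the AzureAD PowerShell module is installed and a session has been opened with Connect-AzureAD, and it uses constructed sample partner data.

```powershell
# Added example: bulk-invite external partner users as Azure AD B2B guests from a CSV.
# Assumptions: AzureAD module installed (Install-Module AzureAD) and Connect-AzureAD
# already run by an account allowed to invite guests. The CSV columns are assumed to
# be "Email" and "DisplayName"; the rows below are constructed sample data.
$csvPath = ".\partners.csv"                    # assumed path
$landing = "https://myapps.microsoft.com"      # where guests land after redeeming the invite

if (-not (Test-Path $csvPath)) {
@"
Email,DisplayName
alice@partner.example,Alice Example
bob@partner.example,Bob Example
"@ | Set-Content -Path $csvPath
}

$results = foreach ($row in Import-Csv -Path $csvPath) {
    try {
        # Creates the guest object in our tenant and mails the invitation;
        # the partner keeps signing in with their own credential set.
        $invite = New-AzureADMSInvitation `
            -InvitedUserEmailAddress $row.Email `
            -InvitedUserDisplayName  $row.DisplayName `
            -InviteRedirectUrl       $landing `
            -SendInvitationMessage   $true
        [pscustomobject]@{ Email = $row.Email; Status = $invite.Status; GuestId = $invite.InvitedUser.Id }
    } catch {
        [pscustomobject]@{ Email = $row.Email; Status = "Failed: $($_.Exception.Message)"; GuestId = $null }
    }
}

$results | Format-Table -AutoSize

# Review step for the administrator: list every guest currently in the tenant so that
# invitations that are no longer needed can be spotted and removed.
Get-AzureADUser -Filter "userType eq 'Guest'" -All $true |
    Select-Object DisplayName, Mail, UserState |
    Format-Table -AutoSize
```

Guests receive the invitation mail and appear with a pending state until they redeem it; the closing listing is the place to periodically check which external identities still have access.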
As you can see, Azure AD is a really cutting-edge identity and access management as a service solution that enables IT administrators to manage identities throughout their lifecycle. Users will be able to easily consume SaaS applications or even on-premises applications without worrying about credentials anymore. Partners now have the opportunity to easily collaborate, being on the same page and using the same apps. Azure AD really enables organizations to do more, and that’s why Azure AD is the door to your future, or even to your present.