Inside Microsoft’s Sleeping Giant Part 1 of 4
Azure Active Directory
I’ve been having a lot of discussions about Single Sign-on and Identity Management with co-workers and customers. There are many good solutions out there, Duo and Okta to name a few. While those products are leaders, Microsoft has been quietly and consistently improving Azure Active Directory. Azure Active Directory is a BIG product that can do a whole lot. Since it’s so large, I wanted to break it down into a few consumable sections.
Azure Active Directory – Background and Terminology
It’s assumed that if you are reading this you know what Microsoft’s Active Directory is; Azure AD is its cloud counterpart. It is not simply AD hosted in Azure, though: there is no Kerberos, LDAP or Group Policy, and identities are exposed through web protocols (SAML, OAuth 2.0/OpenID Connect) and a REST API instead. Both systems are considered “Identity Management”. The on-premises version has been around for almost 20 years and it’s been through some battles. I personally have more than a few war stories fixing a broken AD. Microsoft has gotten better at stabilizing it over 20 years, as one would hope.
(A quick side note: Jeffrey Snover is a Microsoft distinguished engineer and he’s brilliant. He has a saying that Microsoft is not capable of sustained failure. I love this statement because, while it’s an admission that mistakes will be made, as long as you can improve upon them you can create some truly impressive products. This is not the first time, and it won’t be the last, that you read about Jeffrey on this blog.)
The intriguing background on Azure AD is that it’s powering the highly successful Office 365 solution. Every Office 365 deployment has an Azure AD tenant behind it to manage the end users. It was announced that Microsoft is crossing over to 100 million Office 365 end users this quarter, if they aren’t there already. Take a moment and consider the kinds of applications you could build that leverage a system that already has 100 million users. It also means the same sign-in endpoints serve every one of those tenants, so the security of that shared front door matters to everyone on it.
Over this blog series, I’d like to go over where I think Microsoft is heading and review its current features. Before I get to those predictions, I’ll build a foundation with some terms that will be useful later.
Azure Active Directory Connect (Azure AD Connect) – This is a free tool that companies install on an on-premises server to sync their on-premises Active Directory up to Azure AD. It can sync password hashes (Password Hash Sync), hand sign-ins back to the on-premises domain controllers (Pass-through Authentication), or work alongside federation with AD FS. Because the sync server holds privileged credentials for both directories, treat it like a domain controller, not like an ordinary application server. If the cloud’s a journey, this is the airplane.
Single Sign-on (SSO) – The concept that you authenticate once to an identity provider and receive a token or session that other sites and applications trust, so you aren’t prompted again for each one. The flip side is that whoever steals that token inherits access to everything it unlocks.
Identity and Access Management (IAM) – When you take a step back and look at your users, they have two very important dimensions: who they are (identity, established by authentication) and what they are allowed to do (entitlements, enforced by authorization). IAM is the discipline and tooling for coordinating their environment around these two dimensions: provisioning, group membership, access reviews and de-provisioning when they leave.
Security Assertion Markup Language (SAML) – NERD ALERT – SAML is an XML-based standard for passing signed authentication (and attribute) assertions between an identity provider and the service provider that relies on them. Here’s the best way I can explain it: you know how when you go to log into HBO GO it redirects you to pick out your cable provider? Well for me, I select Xfinity and enter my username and password. That’s SAML in the background. The service provider accepts that assertion only because the identity provider signed it and scoped it to that one service and a short validity window; checking those details is what separates single sign-on from “anyone can mint a login”.