I love this quote by the famous hockey player, Wayne Gretzky. When asked why he is so successful he said…"I skate to where the puck is going to be, not where it has been". SaaS is where the puck is going…and as organizations move to cloud-based applications, specifically, software as a service (SaaS) applications such as Office 365, Box and Salesforce, SSO is becoming a challenge.
Managing many user accounts and passwords has always been a challenge. Imagine having to manage multiple applications on premises and now in the cloud…
Organizations can (or probably will) end up with many SaaS applications. So having to sync your users and maybe passwords to each and every vendor is certainly going to be a challenge.
Organizations that have worked with Azure and Office 365 have experienced seamless single sign-on using federation and DirSync to leverage their on-premises users and authentication to allow access to Azure and Office 365. The premise is: log in once in the morning and seamlessly log into Azure and Office 365 as if they were on premises.
Now, stop and think of a new world and imagine using that same mechanism to allow access to all your SaaS applications! Think of a portal for your users, where they see all the applications (SaaS) that they have authorization to access, they click and Voila(!)…they have seamless access to that application!
Coming soon…and in preview now…Windows Azure AD enables easy integration to many of today’s popular SaaS applications.
Windows Azure AD "Application Access" provides identity and access management, and delivers an access panel where users can discover which applications they have access to and use single sign-on (SSO) to reach them.
The architecture of the integration consists of the following four main building blocks:
Single sign-on enables users to access their SaaS applications based on their organizational account in Windows Azure AD
Account sync enables user provisioning and deprovisioning into target SaaS based on changes made in Windows Server Active Directory and/or Windows Azure AD
Centralized application access management in the Windows Azure Management Portal enables single point of SaaS application access and management
Unified reporting and monitoring of anomalous user activity in Windows Azure AD
Want to try this out? Let me give you a walkthrough of getting this up and running…
To start you will need a few things…
1) You'll need an Azure Tenant – You can sign up for the free trial.
2) Azure AD – Totally FREE!
3) To try the integration, you'll need a SaaS provider already set up.
4) You will also need to enable the "Application Access" Preview…you can do this here
Once you have signed up…in the Azure portal, go to the Active Directory section on the left and click on your instance of Azure AD (Microsoft in my example).
Once on that screen, you will see all the cool new things that you can do with Azure.
Now…click on the “applications” section from the screen on the right, as shown in the following screen…and click “add” at the bottom…
Now you can choose from the list of the current applications that we have integration with…
These are some of the ones that I particularly like…AWS…
Once you choose, you have a simple 1-step process to configure SSO, Account Sync and User Access.
For example, the following screen allows you to choose whether you want SSO or you want the user to use the application's own credentials…
For a step by step tutorial, please take a look at the following links:
Once you finish "publishing"…Voila! As you can see below…this is it, this is actually what your end users see when they access their SaaS application "access portal".
Users access the portal, where they can see all the applications that are accessible to them, and they can now seamlessly access their SaaS applications!
If you want more information on the access panel, click here for an introduction!
So, as you can see we are moving to a brave new world of SaaS and SSO… (SaaSSSO as I like to call it…). I hope that business leaders and system administrators see the great value in enabling technologies such as this…I am certain that efforts like this will add to end user productivity, instead of figuring out which account to use or talking to help desk about password resets or account lockout…
Stay tuned for general availability coming in the next few months!