Welcome to the new world of SaaSSSO… :)

10 בספטמבר 2013

 

I love this quote by the famous hokey player, Wayne Gretzky. When asked why he is soo successful he said…"I skate to where the puck is going to be, not where it has been". SaaS is where the puck is going…and as organizations move to cloud based applications, specifically, software as a service (SaaS) applications such as Office 365, Box and Salesforce, SSO is becoming a challenge.

Managing many user accounts and passwords has always been a challenge. Imagine having to manage multiple applications on premises and now in the cloud…

Organizations can (or probably will) end up with many SaaS applications. So having to sync your users and maybe passwords to each and every vendor is certainly going to be a challenge.

Organizations who have worked with Azure and Office 365, have experienced seamless Single sign on using federation and Dirsync to leverage their on premises users and authentication to allow access to Azure and Office 365. The premise is log in once in the morning and seamlessly log into Azure and Office 365 as if there were on premises.

Now, stop and think of a new world and imagine using that same mechanism to allow access to all your SaaS applications! Think of a portal for your users, where they see all the applications (SaaS) that they have authorization to access, they click and Voila(!)…they have seamless access to that application!

Coming soon…and in preview now…Windows Azure AD enables easy integration to many of today’s popular SaaS applications.

Windows Azure AD Application "Application Access" provides identity and access management, and delivers an access panel for users where they can discover what application access they have and single sign-on (SSO) to access their applications.

The architecture of the integration consists of the following four main building blocks:

  • Single sign-on enables users to access their SaaS applications based on their organizational account in Windows Azure AD
  • Account sync enables user provisioning and deprovisioning into target SaaS based on changes made in Windows Server Active Directory and/or Windows Azure AD
  • Centralized application access management in the Windows Azure Management Portal enables single point of SaaS application access and management
  • Unified reporting and monitoring of anomalous user activity in Windows Azure AD

Want to try this out? Let me give you a walkthrough of getting this up and running…

To start you will need a few things…

1) You'll need an Azure Tenant – You can sign up for the free trial.

2) Azure AD – Totally FREE!

3) To try the integration, you'll need a SaaS provider already set up.

4) You will also need to enable the "application Access" Preview…you can do this here

clip_image003[4]

Once you have signed up…in the Azure portal, goto the Active Directory section on the left and click on your instance of Azure AD (Microsoft in my example)

clip_image005

Once on that screen, you will see all the cool new things that you can do with Azure

clip_image006[4]clip_image008[4]

Now…click on the “applications” section from the screen on the right, as shown in the following screen…and click “add” at the bottom…

clip_image010

clip_image011[4]Click “Add an application for my organization to use

clip_image013

Now you can choose from the list of the current applications that we have integration with…

clip_image016

These are some of the ones that I particularly like…AWS…

clip_image018

Google Apps…

clip_image020

SalesForce.Com…

clip_image022[4]

Once you choose, you have a simple 1 step process to configure SSO, Account Sync and User Access

For example, the following screen allows you to choose if you want SSO of you want the user to use the applications credentials…

clip_image024

For a step by step tutorial, please take a look at the following links:

Tutorial: Windows Azure AD integration with Salesforce

Tutorial: Windows Azure AD integration with Box

Tutorial: Windows Azure AD integration with Google Apps

Once you finish "publishing"…. Voilla! As you can see below…this is it, this is actually what your end users see when they access their SaaS application "access portal".

Users, access the portal, they can see all the applications that are accessible by them, and they can now they can seamlessly access their SaaS applications!

Technorati Tags:

clip_image026[4]

If you want to more information on the access panel click here for an introduction!

So, as you can see we are moving to a brave new world of SaaS and SSO… (SaaSSSO as I like to call it…). I hope that business leaders and system administrators see the great value in enabling technologies such as this…I am certain that efforts like this will add to end user productivity, instead of figuring out which account to use or talking to help desk about password resets or account lockout…

Stay tuned for general availability coming in the next few months!

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. שדות החובה מסומנים *