Soe Thwin Oo: Single Sign-On with Azure Active Directory

Single Sign-on with Azure Active Directory?

Single sign-on means being able to access all of the applications and resources that you need to do business, by signing in only once using a single user account.

Nowadays organizations rely upon software as service (SaaS) applications such as Office 365, Box, etc… IT staff needs to individually create and update user accounts in each SaaS application, and user have to remember a password for each SaaS application.

Azure Active Directory extends on-premises Active Directory into the cloud, enabling users to use their primary organizational account to not only sign in to their domain-joined devices and company resources, but also all of the web and SaaS applications needed for their job.

Azure AD enables easy integration to many of today’s popular SaaS applications. It provides identity and access management, and enables user to single sign-on to applications directly, or discover and launch them from a portal such as Office 365 or the Azure AD access panel.

Azure AD supports three different ways to sign in to applications:

§ Federated single sign-on

§ Password-based single sign-on

§ Linked single sign-on

Federated single sign-on

Users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD.

Password-based single sign-on

Users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from the third-party SaaS application. When you enable this feature, Azure AD collects and securely stores the user account information and the related password.

Linked single sign-on

This option simply allows the administrator to create a link to an application, and place it on the access panel for selected users. E.g. if there is an application that is configured to authenticate users using Active Directory Federation Services and administrator can use the “Linked Single Sign-On” option to create a link to it on the access panel. When user access the link, they are authenticated using Active Directory Federation Service, or whatever existing single sign-on solution is provide by the application.

Azure AD Application Gallery

Provides a listing of application that are known to support a form of single sign-on with Azure Active Directory.

Adding an unlisted application

Sing in to Azure Portal using your Azure Active Directory administrator account. Browse to the Azure Active Directory > Enterprise Applications > New application > Non-gallery application > Select Application > Add > Configure a Single Sign-On > Choose Sign-On option.