Azure AD Connect – Identity in the Cloud, SSO with Azure AD

The idea is – hundreds (maybe thousands) of applications – but just a SINGLE identity that works across all of the apps.



Three Models for Authentication

In all these models, identity between on-prem and Azure AD needs to be synchronized.

  1. Authenticate in Azure (Using Azure AD Connect)
  2. Authenticate against on-prem AD (Windows Server AD) – passing authentication from Azure to on-prem using ADFS
  3. Seamless SSO

Seamless SSO

In order to avoid re-authenticating already authenticated users, a pass-through agent is provided. Essentially, you add two more infrastructure components – an Azure AD Application Proxy (on the Azure side) and Connectors (next to each of the apps).

  1. Azure AD Application Proxy is a cloud service that allows users to access on-premises apps securely.
  2. Users connect to the cloud service, which routes their traffic to the application resources via connectors. Connectors are usually deployed inside the corporate network, next to the applications.

Note: OWASP recommendation – store the secondary SSO / framework / custom session identifiers in the native session object, as opposed to sending them as additional headers or cookies.
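The OWASP point above in code, as an added example that is not from the original post: a server-side session store that binds the SSO token and the framework's own session identifier to one native session, so the browser only ever holds a single opaque session ID. The `weak_cookies` function shows the pattern being warned against for comparison. The in-memory store, the 15-minute lifetime and the cookie names are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumption for this example: a session is valid for 15 minutes from creation.
SESSION_TTL_SECONDS = 900


@dataclass
class Session:
    """Server-side session object. Secondary identifiers live here, never in extra cookies."""
    user: str
    created: float
    attributes: Dict[str, str] = field(default_factory=dict)


# In-memory store keyed by the opaque native session ID. A real deployment would use a
# shared backend, but the security property (identifiers stay server side) is the same.
_store: Dict[str, Session] = {}


def create_session(user: str, sso_token: str, framework_session_id: str,
                   now: Optional[float] = None) -> str:
    """Bind the SSO token and framework session ID to a new native session.

    Returns the only value the browser will hold: a random, opaque session ID.
    """
    session_id = secrets.token_urlsafe(32)  # 256 bits of entropy, not guessable
    _store[session_id] = Session(
        user=user,
        created=time.time() if now is None else now,
        attributes={"sso_token": sso_token, "framework_session_id": framework_session_id},
    )
    return session_id


def cookies_for(session_id: str) -> Dict[str, str]:
    """Recommended pattern: exactly one hardened cookie carrying the opaque ID."""
    return {"SESSIONID": f"{session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"}


def weak_cookies(session_id: str, sso_token: str, framework_session_id: str) -> Dict[str, str]:
    """Anti-pattern the OWASP note warns against: each identifier becomes its own cookie,
    multiplying what a leaked cookie exposes and what has to be revoked on logout."""
    return {
        "SESSIONID": session_id,
        "SSO_TOKEN": sso_token,
        "FRAMEWORK_SID": framework_session_id,
    }


def lookup(session_id: str, now: Optional[float] = None) -> Optional[Session]:
    """Resolve a session ID server side; unknown or expired IDs return None."""
    session = _store.get(session_id)
    if session is None:
        return None
    current = time.time() if now is None else now
    if current - session.created > SESSION_TTL_SECONDS:
        _store.pop(session_id, None)  # expiry drops the session and every bound identifier
        return None
    return session


def sso_token_for(session_id: str, now: Optional[float] = None) -> Optional[str]:
    """Downstream calls read the SSO token from the session, never from the request."""
    session = lookup(session_id, now)
    return None if session is None else session.attributes.get("sso_token")


def destroy_session(session_id: str) -> None:
    """Logout: one deletion invalidates the native session and all identifiers bound to it."""
    _store.pop(session_id, None)


if __name__ == "__main__":
    sid = create_session("alice", "sso-token-constructed", "fw-sid-constructed")
    print(cookies_for(sid))          # one cookie, no SSO token in it
    print(sso_token_for(sid))        # token resolved server side
    destroy_session(sid)
    print(sso_token_for(sid))        # None after logout
```

The design choice worth noticing is that revocation becomes a single operation: deleting the native session removes the SSO token and framework identifier with it, whereas with one cookie per identifier each would need its own invalidation path.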

Authenticate in Azure


Authenticate with the Azure AD Connect service. Between Windows Server AD and Azure AD, synchronize identities and password hashes.
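What "password hash synchronization" sends to the cloud is worth seeing concretely. The following is an added example, not code from the post or from Azure AD Connect: it models the scheme Microsoft documents publicly for password hash sync, in which the 16-byte NT (MD4) hash is expanded to 64 bytes (hex-encoded, then re-encoded as UTF-16), combined with a 10-byte per-user salt, and run through 1000 iterations of PBKDF2-HMAC-SHA256. The NT hash itself is therefore never stored in Azure AD, only this salted, stretched derivative. The sample NT hash is a constructed value, and lowercase hex plus little-endian UTF-16 without a byte-order mark are assumptions of this model.

```python
import hashlib
import hmac
import secrets

# Parameters from Microsoft's public description of password hash synchronization.
SALT_LENGTH = 10
PBKDF2_ITERATIONS = 1000
DERIVED_LENGTH = 32


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """Expand the 16-byte NT hash to 64 bytes: hex-encode it (32 characters), then
    re-encode that string as UTF-16. Lowercase hex and UTF-16-LE without a BOM are
    assumptions of this model, not confirmed details of the real agent."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be exactly 16 bytes")
    return nt_hash.hex().encode("utf-16-le")


def new_salt() -> bytes:
    """Per-user random salt; a different salt per user defeats precomputed tables."""
    return secrets.token_bytes(SALT_LENGTH)


def derive_sync_hash(nt_hash: bytes, salt: bytes) -> bytes:
    """Produce the value that is synchronized to the cloud (a hash of the hash)."""
    if len(salt) != SALT_LENGTH:
        raise ValueError(f"salt must be exactly {SALT_LENGTH} bytes")
    return hashlib.pbkdf2_hmac(
        "sha256", expand_nt_hash(nt_hash), salt, PBKDF2_ITERATIONS, dklen=DERIVED_LENGTH
    )


def verify(nt_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Cloud-side check: recompute from the presented NT hash and compare in constant time."""
    return hmac.compare_digest(derive_sync_hash(nt_hash, salt), stored)


if __name__ == "__main__":
    constructed_nt_hash = bytes(range(16))  # constructed sample, not a real account's hash
    salt = new_salt()
    synced = derive_sync_hash(constructed_nt_hash, salt)
    print("expanded length:", len(expand_nt_hash(constructed_nt_hash)))  # 64
    print("synced value:", synced.hex())
    print("verifies:", verify(constructed_nt_hash, salt, synced))          # True
```

The practical consequence for a defender is that a compromise of the cloud directory yields salted PBKDF2 outputs rather than reusable NT hashes; the on-prem domain controllers, where the NT hashes live, remain the asset to protect most tightly.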


IAM in the cloud is a combination of Windows Server Active Directory, Microsoft's Identity Manager and Microsoft's Azure Active Directory. With the combination of an AD in Azure and an AD on-prem, there is a multitude of authentication options available for providing a single point of IAM for multiple apps.


Specializing in high-volume web and cloud application architecture, Anuj Varma's customer base includes Fortune 100 companies (British Petroleum, Schlumberger).


Anuj Varma – Technology Architect.
