Azure AD Connect – Identity in the Cloud, SSO with Azure AD

The idea is simple: hundreds (maybe thousands) of applications, but a SINGLE identity that works across all of them.


[Figure: one cloud identity used across multiple applications]

Three Models for Authentication

In all three models the identity itself (user and group objects) is synchronized from on-prem AD to Azure AD by Azure AD Connect; what differs is where the password is actually verified.

  1. Authenticate in Azure (password hash synchronization via Azure AD Connect) – Azure AD Connect syncs a derived form of each user's password hash, and Azure AD verifies the password itself.
  2. Authenticate against on-prem AD (Windows Server AD) using ADFS – federation: Azure AD redirects the sign-in to the on-prem ADFS farm, which verifies the credentials and returns a token; the password never leaves the corporate network.
  3. Pass-through authentication (PTA), usually combined with Seamless SSO – Azure AD hands the credentials to lightweight on-prem agents, which validate them against a domain controller.

Seamless SSO and Pass-through Authentication

Seamless SSO exists so that users who are already authenticated to the on-prem domain are not prompted again when they open a cloud app. Azure AD Connect creates a computer account (AZUREADSSOACC) in on-prem AD and shares its Kerberos decryption key with Azure AD; a domain-joined device on the corporate network obtains a Kerberos ticket for that account and presents it to Azure AD, which validates the ticket without a password prompt. Seamless SSO is layered on top of password hash sync or PTA, not a replacement for either. Pass-through authentication is what adds the agents: Azure AD queues the credential (encrypted to the agent's key), the agent fetches it over an outbound connection and validates it against a domain controller. Caveat: the AZUREADSSOACC key is a long-lived secret, and whoever holds it can mint tickets Azure AD will accept, so Microsoft recommends rolling it at least every 30 days and protecting the Azure AD Connect server like a domain controller.

A separate piece of infrastructure, Azure AD Application Proxy, is what lets cloud-authenticated users reach on-prem web apps. It adds two components: the proxy service (on the Azure side) and connectors (on the corporate network, near the apps).

  1. Azure AD Application Proxy is a cloud service that allows users to access on-premises web apps securely, after pre-authenticating to Azure AD.
  2. Connectors are lightweight agents deployed inside the corporate network, next to the applications. They make only outbound connections to the proxy service, so no inbound firewall ports need to be opened.
  3. Users connect to the cloud service, which routes their traffic to the application through the connectors.

Note: OWASP recommendation – store secondary SSO, framework or custom session identifiers in the native session object, rather than sending them to the client as additional headers or cookies. The browser should only ever hold one opaque session identifier.
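To make the recommendation concrete, here is an added example (not code from the original post, and not Microsoft's or OWASP's) of a minimal server-side session store. It contrasts a leaky SSO callback that echoes the identity provider's session identifier back to the browser with one that keeps it inside the native session object, and shows that single logout can still use the secondary identifier server-side. The `SessionStore`, the `X-SSO-Session` header and the sample identifiers are all constructed for illustration.

```python
import secrets
import time

SESSION_TTL_SECONDS = 3600


class SessionStore:
    """Server-side store: opaque random session id -> native session object.
    Secondary identifiers (IdP/SSO session, framework session, ...) live here,
    never in the client-visible cookie or headers."""

    def __init__(self):
        self._sessions = {}

    def create(self, **attrs):
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unrelated to attrs
        self._sessions[sid] = {"created": time.time(), **attrs}
        return sid

    def get(self, sid):
        s = self._sessions.get(sid)
        if s is None or time.time() - s["created"] > SESSION_TTL_SECONDS:
            self._sessions.pop(sid, None)  # expired sessions are dropped on access
            return None
        return s

    def destroy(self, sid):
        return self._sessions.pop(sid, None)


def sso_callback_leaky(store, user, idp_session_id):
    """Anti-pattern: the IdP session identifier is returned to the browser as an
    extra header, exposing it to XSS, proxy logs and browser extensions."""
    sid = store.create(user=user)
    return {"Set-Cookie": f"sid={sid}; Secure; HttpOnly; SameSite=Lax",
            "X-SSO-Session": idp_session_id}  # constructed header name


def sso_callback_native(store, user, idp_session_id):
    """OWASP-style: the secondary identifier is stored in the native session
    object; the browser only ever sees the opaque primary id."""
    sid = store.create(user=user, sso_session=idp_session_id)
    return {"Set-Cookie": f"sid={sid}; Secure; HttpOnly; SameSite=Lax"}


def single_logout(store, sid):
    """Single logout needs the IdP session id; it is read server-side from the
    session object and the session is destroyed in the same step."""
    s = store.destroy(sid)
    return s["sso_session"] if s else None


def response_exposes(headers, secret):
    """Check helper: does anything the client receives contain the secret?"""
    return any(secret in value for value in headers.values())
```

Run `response_exposes` against both callbacks' responses: the leaky one returns True, the native one False, yet `single_logout` still recovers the IdP session id because it never left the server.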

Authenticate in Azure

[Figure: Azure AD Connect synchronizing identities from Windows Server AD to Azure AD]

Authentication is performed by Azure AD itself, with the Azure AD Connect service keeping Windows Server AD and Azure AD in step: it synchronizes identities and, with password hash synchronization enabled, a salted and iterated derivative of each user's password hash (not the raw NT hash). The on-prem account that Azure AD Connect uses needs directory replication permissions to read those hashes, so the server running it is a Tier-0 asset and should be hardened and monitored like a domain controller.
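The following added example (written for this page; it is not Azure AD Connect's code) works through what password hash synchronization actually sends to the cloud, following Microsoft's published description: take the NT hash (MD4 over the UTF-16LE password), hex-encode it and re-encode the hex string as UTF-16LE, then run PBKDF2-HMAC-SHA256 with a 10-byte per-user salt and 1000 iterations. MD4 is implemented inline because OpenSSL 3 ships it only in the legacy provider. Two details are assumptions, labelled in the code: lowercase hex for the intermediate string, and the textual layout of the transmitted record (`v1;PPH1_MD4,<salt>,<iterations>,<hash>;`), since the wire format is not documented.

```python
import hashlib
import hmac
import os
import struct

MASK32 = 0xFFFFFFFF


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used instead of hashlib.new("md4") because
    OpenSSL 3 only provides MD4 through the legacy provider."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):  # round 1: F(b,c,d) = (b & c) | (~b & d)
            a = _rol((a + ((b & c) | (~b & d)) + x[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: G = majority(b, c, d), word order 0,4,8,12,1,...
            k = (i % 4) * 4 + i // 4
            a = _rol((a + ((b & c) | (b & d) | (c & d)) + x[k] + 0x5A827999) & MASK32,
                     (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: H = b ^ c ^ d, word order 0,8,4,12,2,...
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = _rol((a + (b ^ c ^ d) + x[k] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(s + t) & MASK32 for s, t in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """The NT hash as stored in on-prem AD: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def derive_sync_hash(password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """What Azure AD Connect derives for PHS: hex(NT hash) re-encoded as UTF-16LE
    (64 bytes), then PBKDF2-HMAC-SHA256, 10-byte salt, 1000 iterations, 32-byte
    output. Lowercase hex is an assumption; Microsoft's description does not
    state the case."""
    if len(salt) != 10:
        raise ValueError("Azure AD PHS uses a 10-byte per-user salt")
    expanded = nt_hash(password).hex().encode("utf-16-le")
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)


def sync_record(password: str, salt: bytes = None, iterations: int = 1000) -> str:
    """Value transmitted to the cloud: hash concatenated with salt and iteration
    count. The textual layout used here is an assumption for illustration."""
    salt = os.urandom(10) if salt is None else salt
    digest = derive_sync_hash(password, salt, iterations)
    return f"v1;PPH1_MD4,{salt.hex()},{iterations},{digest.hex()};"


def verify_against_record(password: str, record: str) -> bool:
    """Cloud-side check: recompute with the stored salt and compare in constant time."""
    _, body = record.rstrip(";").split(";", 1)
    _, salt_hex, iters, digest_hex = body.split(",")
    got = derive_sync_hash(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(got, bytes.fromhex(digest_hex))
```

The security point the derivation makes: the value held by Azure AD is not the NT hash, so a leak of the cloud copy cannot be replayed on-prem with pass-the-hash (NTLM needs the raw MD4 value). It is still only 1000 PBKDF2 iterations over a fast hash, so a leaked record is cheap to brute-force offline, which is why the sync account and the Azure AD Connect server remain the assets to protect.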

Summary

IAM in the cloud is a combination of Windows Server Active Directory, Microsoft Identity Manager and Azure Active Directory. With an AD in Azure and an AD on-prem, there is a range of authentication options (password hash sync, federation, pass-through authentication with Seamless SSO) for providing a single point of IAM across many apps.

Specializing in high volume web and cloud application architecture, Anuj Varma’s customer base includes Fortune 100 companies (dell.com, British Petroleum, Schlumberger).
Anuj’s training as a mathematical physicist followed by years of advanced computer programming is unique in the industry.