Microsoft recently announced several updates to Windows Azure. You can read about all the details on Scott Guthrie’s blog (ScottGu’s Blog), but there was one item that really caught my attention: Active Directory Application Access Enhancements. This feature (or collection of features) was previewed over the summer and is supposed to be available by the end of this year. 
With this service you get Single Sign On (SSO) to a bunch of internet systems like Office 365, Salesforce, Workday, Box, etc. Microsoft announced additions to this service include enhancements to SAML federation capabilities, integrated the new password vault system, supports multi-factor authentication, and have turned on outbound identity provisioning. These features allow Azure to provide SSO to hundreds of SaaS applications, which is absolutely necessary to support out collaboration needs.
According to Scott, Microsoft also announced the following features would be available in a free tier, which is really cool:
- SSO to every SaaS app Windows Azure integrates with – Users can Single Sign On to any app Azure integrates with at no charge. You can see in the picture that 350 applications are included right now.
- Application access assignment and removal – IT Admins can assign access privileges by web application to the users in their active directory assuring that every employee has access to the SAAS Apps they need. When a user leaves the company or changes jobs, the admin can just as easily remove their access privileges assuring data security and minimizing IP loss
- User provisioning (and de-provisioning) – IT admins will be able to automatically provision users in SaaS applications like Box, Salesforce.com, GoToMeeting, DropBox and others. Microsoft is working with key partners in the ecosystem to establish these connections, meaning you no longer have to continually update user records in multiple systems.
- Security and auditing reports – With the free version of these enhancements you’ll get access to a standard set of access reports giving you visibility into which users are using which applications, when they were using them and where they are using them from. In addition, Azure will alert you to unusual usage patterns, such as when a user logs in from multiple locations at the same time.
- Application Access Panel – The Application Access Panel will support the ability for users to access access and launch their apps from any device and anywhere.
We work with a lot of companies that struggle with SSO internally, but even more so externally. By using this Azure service, you can greatly enhance the collaboration needs of your employees when they need access to SaaS applications, and believe me, your users want to use these systems. In addition, you can extend this SSO to your own applications by implementing Windows Azure AD support (see Scott’s blog entry Announcing the Release of Visual Studio 2013 and Great Improvements to ASP.NET and Entity Framework).
So, now through Windows Azure you can provide SSO capabilities and manage access to internal applications and external systems in a secure, controlled manner.
Finally, thanks to my Perficient colleague Adetayo Adegoke for tipping me off to this through our Yammer news feed.
