Channeling the Cloud

Windows Azure Active Directory: Taking AD Deeper into the Cloud

Active Directory took its first step into the cloud with Office 365, but Microsoft is upping the ante with free access control in the forthcoming Windows Azure Active Directory.

A vast majority of organizations have long relied on Microsoft Active Directory for single sign-on authentication and authorization to key internal resources. While AD isn't an endangered species, it's changing with the rapid growth of cloud services and Bring Your Own Device (BYOD) policies that require customers to provide access to employee-owned PCs, tablets and smartphones.

AD made its move to the cloud in 2011 with the launch of Office 365, when Microsoft permitted customers to federate their AD domains to services. Now user AD credentials can be found in other Microsoft cloud offerings including the online versions of its Dynamics applications and Windows Intune.

The next step in the cloud migration of AD is a move to the Microsoft Windows Azure service. With the service now in beta, Microsoft recently said it will offer access control in Windows Azure Active Directory (WAAD) free of charge upon release.

"If you're building a service in Windows Azure, you can create your own tenant in Azure and create users and we let you manage those users, who can be connected to your cloud services," Uday Hegde, principal group program manager for Active Directory at Microsoft, told RCP last month. Furthermore, Hegde said Windows Server customers running AD on-premises can connect to WAAD and avail themselves of all its features.

Microsoft is betting its large customer base running AD will propagate it to WAAD. It stands to reason that those who move Windows Server applications to Windows Azure or build new ones will provide authentication services through WAAD.

But will WAAD provide the means of single sign-on and authentication in the cloud that AD delivers in the datacenter today? There's a lot of money betting against that. There are a number of players offering cloud-based Identity Management as a Service (IDMaaS) solutions, which leverage AD and WAAD to provide single sign-on to other resources such as Software as a Service (SaaS) offerings from Google, Salesforce.com and Workday, among hundreds more.

Among those providers are Centrify, Ping Identity, Okta and Symplified. Just last month, Okta received a cash infusion of $25 million in Series C funding led by Sequoia Capital, bringing the total amount it has raised to $52 million.

Okta, like many of its rivals, is using AD and WAAD APIs to enable single sign-on to SaaS and traditional apps. "A CIO wants to have one single identity system that connects them to these different applications," says Okta VP Eric Berg.

Centrify, which just launched its new DirectControl for SaaS, authenticates users via their AD credentials to access SaaS solutions. Like Okta, Centrify's cloud-based identity service doesn't aim to compete with WAAD, but to connect to it. "Our cloud offering is in effect an identity bridge to a customer's Active Directory," says Centrify CEO Tom Kemp.

As SaaS and BYOD become more pervasive, these and other third-party IDMaaS gateways will help bridge AD to these solutions, but don't appear likely to obviate it.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
