Azure Active Directory

READING TIME : 20 MINUTES

What is Azure AD?

It is a one-stop, cloud-based directory and identity management service that combines core directory services, application access management and identity protection in a single solution. It is also an easy platform for developers to enforce access control in their applications, based on centralized policies and rules.

Azure AD Connect Stack

Reliability

Microsoft promises 99.9% uptime for the Azure Active Directory Basic and Premium services, which run out of 28 datacenters around the globe with automated failover; this gives customers enough confidence in terms of reliability. Even if one of the datacenters goes down, Microsoft keeps copies of your live directory data in at least two regionally separated datacenters, available for instant access.

Options for Plan

All of Microsoft's online access services now rely on Azure AD for sign-in and other identity needs. For example, if you opt for O365 or Azure, customers get the free features of Azure AD. With the Azure Active Directory Free edition, you can manage users and groups, synchronize with on-premises directories, and get single sign-on across Azure, Office 365, and thousands of popular SaaS applications such as Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more.

For more services in AAD (Azure Active Directory) you can go with an upgraded plan:

  • Active Directory Basic : This is the basic feature pack, used by early cloud-mover companies for managing cloud-based applications and self-service identity management.
  • Premium P1 : This pack is designed for organizations that demand feature-rich, enterprise-level identity management capabilities, and it enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities, enabling solutions like self-service password reset for your on-premises users.
  • Premium P2 : This is the top-tier plan for AAD, with advanced protection for all your users and administrators. It includes all the features of AAD Basic and Premium P1 plus additional features such as protecting privileged accounts with Azure Active Directory Privileged Identity Management, so you can discover, restrict, and monitor administrators and their access to resources, and provide just-in-time access when needed.

Azure Active Directory pricing

Azure AD Authentication

Azure Active Directory (Azure AD) simplifies authentication for developers by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect, as well as open-source libraries for different platforms to help you start coding quickly.

The diagram below depicts the most basic type of authentication in Azure AD.

Azure AD verifies the identity of the user and of the application, and issues a security token to them once both have authenticated successfully.

The flow of requests and responses during authentication is determined by the authentication protocol in use; see the Azure AD documentation on authentication protocols for details.

Overview of sign-on to web application


Register an application in Azure AD

When an organization decides to launch an application outside the cloud, it always has to register that application in Azure AD. Registering one or more applications in Azure AD involves a few steps; the following details are needed:

  1. URL of the application
  2. Location where the application is hosted.
  3. URI of the application, to identify it.

Key reasons why we need this information:

Azure AD needs to communicate with both the application and the user to handle the sign-on process and the token exchange. When that process happens, it takes the following values into consideration:

  • Application ID URI: Identifier for the application. This is the value sent to Azure AD during the auth process to indicate which application the user wants the token for, and it is included in the token for the intended target application.
  • Reply URL and Redirect URI: For a web API or any web application, this decides where Azure AD sends the authentication response, including the token, after successful authentication.
  • Application ID: When the application is registered in Azure AD, a unique ID is assigned to it. When a token is requested, an authorization code is sent to Azure AD together with this ID.
  • Key: A key that is sent along with the Application ID when authenticating to Azure AD to call a web API.

Azure AD also needs to ensure that the application has the required permissions to access the directory data, other applications, and so on.
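The following added example (not code from the original article or from Microsoft) shows where the registration values listed above are used in the web sign-on flow from the previous section: the Application ID and Reply URL go into the authorization request to Azure AD, the Reply URL and state are checked on the response, and the Application ID URI is matched against the token's aud claim. The tenant name, Application ID, Application ID URI and Reply URL are constructed placeholders.

```python
# Added example, not from the original page. Uses only the standard library.
# Tenant, client id and URLs are constructed placeholders, not real registrations.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

TENANT = "contoso.onmicrosoft.com"                    # placeholder tenant
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize"

# Values taken from the application's registration in Azure AD (placeholders).
APP_ID = "00000000-0000-0000-0000-000000000001"       # Application ID (client_id)
APP_ID_URI = "https://contoso.example/expense-api"    # Application ID URI (resource)
REPLY_URL = "https://app.contoso.example/signin-oidc" # registered Reply URL


def build_authorize_url(state):
    """Authorization request: client_id identifies the app, redirect_uri must match
    the registered Reply URL, resource names the API the token is intended for."""
    params = {
        "client_id": APP_ID,
        "response_type": "code",
        "redirect_uri": REPLY_URL,
        "resource": APP_ID_URI,
        "state": state,
    }
    return AUTHORIZE + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Accept the authorization code only if the response arrived at the exact
    registered Reply URL and carries the state we issued; otherwise refuse it."""
    u = urlparse(callback_url)
    returned = f"{u.scheme}://{u.netloc}{u.path}"
    if returned != REPLY_URL:
        return None  # not the registered Reply URL: do not use the code
    q = parse_qs(u.query)
    if q.get("state", [None])[0] != expected_state:
        return None  # state mismatch: not a response to a request we made
    return q.get("code", [None])[0]


def token_is_for_us(claims):
    """A token is usable only by the application whose Application ID URI (or
    Application ID) is in its aud claim. Signature validation happens before this."""
    return claims.get("aud") in (APP_ID_URI, APP_ID)


if __name__ == "__main__":
    st = secrets.token_urlsafe(16)
    print(build_authorize_url(st))
    print(parse_callback(REPLY_URL + "?code=abc&state=" + st, st))
    print(token_is_for_us({"aud": APP_ID_URI}))
```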

