The Enterprise Access Challenge
When large organizations buy SaaS software, they do not want to manage separate user directories or passwords for their employees. They expect Single Sign-On (SSO) integrated with their local system credentials.
The release of Windows Azure Active Directory (Azure AD) provides a cloud directory service bridging local environments and SaaS products.
Identity Rule: Trust must be managed programmatically. Never ask enterprise users to re-enter local credentials on third-party SaaS databases.
Federated Security Protocols
Azure AD standardizes communication using open authentication protocols:
- ◆WS-Federation: Popular in enterprise .NET applications.
- ◆SAML 2.0: Standard for exchanging security assertions between identity providers and SaaS platforms.
- ◆OAuth 2.0 / OpenID Connect: Emerging standard for API authorization.
| Protocol | Payload format | Typical Use Case |
|---|---|---|
| SAML 2.0 | XML | Corporate Single Sign-On web portals. |
| WS-Fed | XML | Traditional Microsoft Active Directory syncs. |
| OAuth 2.0 | JSON | Web API authorization and mobile apps. |
Implementing Directory Synchronization
Azure Active Directory Sync (DirSync) replicates local user profiles to the cloud in the background:
<!-- Conceptual Web.config WS-Federation configuration in .NET -->
<system.identityModel>
<identityConfiguration>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry">
<trustedIssuers>
<add thumbprint="1234567890" name="https://login.windows.net/..." />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>By integrating Azure AD, software teams can sell SaaS products to enterprise customers, satisfying strict IT security rules.