In our last blog of this series, we explored the benefits of Azure Multi-Factor Authentication. Today, we’re discussing another feature of Azure Active Directory – Microsoft Single Sign On.
In any organization, there are a number of applications that are used by the team on a daily basis and many of these have passwords. With the recent explosion of cloud-based applications, this problem has become even more pronounced. With Azure AD Premium, Microsoft has a single sign-on solution that allows you to log into one site with your AD credentials and then all of your other logins are managed via that site. Users no longer need to remember their passwords. They are either cached in the site or their AD credentials are passed automatically to ensure an easy and simple login experience for all of their web-based applications.
What applications does Microsoft Single Sing-On work with?
Microsoft has almost 3,000 applications currently available in their gallery that can be imported and easily configured for the SSO site. These apps cover all areas including collaboration, payroll and HR, cloud and IT services, and even personal sites such as Costco and American Airlines. If your app isn’t one of the 3,000 available, not to worry. Microsoft also makes it easy to add in custom apps and authenticate to them using the site.
Even if the application doesn’t have support for ADFS or any type of single sign-on, users can securely store their password in the SSO website and Microsoft will automatically pass those credentials onto the apps as needed. That way users need to only set their password once and store it and then the site will take care of the rest.
As an added benefit, apps can be assigned individually to users and groups. Not all users need every app in your organization and sometimes assigning all of them may lead to more clutter. With selective assignment, only the apps people need to use are available, keeping their portal as clean and easy to use as possible.
But don’t I need ADFS or some other SSO solution if I want AD integration?
In the past, it is true that in order to integrate most web applications with your on-premises Active Directory, you needed ADFS or some other similar authentication provider. However, Azure Active Directory now has many of the ADFS features built in and can take over that role without you needing to build out any new hardware or servers. AD Connect can easily sync your on-premises Active Directory to Azure AD so your users’ credentials will remain in sync whether you are using an on-premises device, Office 365, or any other Microsoft service or the thousands of other applications that can link to Azure AD SSO.
Are you curious what applications you might need to add into this SSO site? In our next blog, we will be skipping ahead to the second EMS product Microsoft Cloud App Security, which is a solution for tracking and securing cloud applications in your environment.