Azure® Active Directory® (Azure AD or AAD) has been a popular identity management tool used among IT admins since its introduction. As a useful resource for bridging Azure credentials to select pre-integrated applications, Azure AD’s authentication protocols provide value for IT admins looking to allow their Azure users to employ single sign-on (SSO) for a number of applications.
Below, we’ll discuss Azure AD’s native authentication capabilities, as well as options for admins looking to connect AAD users to additional resources.
Using Azure AD For Authentication
Authentication is the process of making sure users are who they say they are, which is vital for protecting sensitive information contained within IT resources.
Natively, AAD authenticates Azure user credentials to Windows® 10 Pro devices and select web apps via SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation. IT teams seeking a tool for connecting Azure users to applications like Office 365™ may find great value in Azure AD’s native capabilities. However, cloud-forward organizations looking to implement a single cloud IdP for connecting users to their systems, networks, applications, and files may require additional solutions.
Authenticating to All IT Infrastructure
Azure Active Directory was originally designed as a complementary service to on-prem Active Directory. As such, for admins wanting to use Azure AD as a cloud-based directory service, AAD may lack key features.
Though it is a useful solution for integrating Azure credentials with certain apps, AAD’s list of available authentication protocols often leave IT teams searching for other solutions for authenticating their infrastructure. Azure AD struggles to intrinsically authenticate users to systems beyond Windows 10 Pro. These include other Windows systems, macOS® machines, and Linux® servers hosted in AWS®.
In addition, IT admins who want to use Azure AD for network authentication will have to implement and configure their own FreeRADIUS server (or RADIUS compatible solution) that syncs with Azure AD. This is usually done via a managed LDAP domain in Azure AD Domain Services (Azure AD DS).
Azure AD also requires additional support for authentication to legacy applications via LDAP. To achieve (Read more…)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Kayla Coco-Stotts. Read the original post at: https://jumpcloud.com/blog/aad-authentication-protocols