Since its introduction, Microsoft® Azure Active Directory® (Azure AD or AAD) has been a go-to for organizations looking to extend single sign-on (SSO) functionality beyond their legacy directory service, Active Directory.
But how much does Azure AD really aid organizations in consolidating on-prem and cloud-based resources in a centralized interface? Below, we’ll discuss Azure AD’s functionality as an SSO solution, as well as options for organizations seeking an all-in-one approach to identity and access management (IAM).
Using Azure AD for SSO
For organizations leveraging AD, Azure AD connects existing AD credentials to resources hosted in the cloud. As a user management tool hosted in Azure, AAD offers SSO capabilities for select pre-integrated web applications (like Salesforce® and Office365™).
Using Azure AD and AD together works in admins’ favor because users can leverage a single set of credentials to access their Windows®-based systems and certain web applications. However, organizations looking to leverage Azure AD + AD for the entirety of their SSO needs may find they require additional solutions on top of their existing infrastructure, which can negatively affect IT teams with limited budgets.
Microsoft’s identity management tools effectively connect users to some of their resources, but IT departments need to implement additional infrastructure to authenticate users to others. For example, supplemental tools or extensive implementation are needed for:
- Network authentication via RADIUS
- Syncing users between AD and AAD via Azure AD Connect
- Authentication to cloud servers hosted at Amazon Web Services® (AWS)
In addition, AD + Azure AD struggles to connect users to systems outside the Windows domain. Organizations that provide their users with the opportunity to work from macOS® or Linux® machines would require another solution for managing user access/system policies.
These disparate solutions can force admins to silo user identities. This ultimately weakens their security posture and invites cyberthreats through misconfigurations that result from manually provisioning and deprovisioning users on each of these platforms. A common outcome is that users remain provisioned on some internal resources after they’ve left the company.
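One way to check for the stale-access situation described above, as an added example that is not from the original post: the script below reconciles constructed per-silo account exports (AD, Azure AD, RADIUS, AWS IAM, Linux hosts) against a constructed HR roster and reports any account still provisioned for a departed user, or with no HR record at all. The roster, silo names, audit date and export format are assumptions made for the example.

```python
# Added example (not from the original post): reconcile per-platform account
# inventories against an HR source of truth to find accounts that are still
# provisioned for users who have left. All data below is constructed.
from datetime import date

# Constructed HR roster: the authoritative list of who should have access.
HR_ROSTER = {
    "alice": {"status": "active"},
    "bob": {"status": "terminated", "left": date(2020, 1, 15)},
    "carol": {"status": "active"},
}

# Constructed per-silo account exports. Keys are the silo name; values are
# the usernames still provisioned there according to that platform's export.
SILO_ACCOUNTS = {
    "ad": {"alice", "bob", "carol"},
    "azure_ad": {"alice", "carol"},
    "radius": {"alice", "bob"},
    "aws_iam": {"alice", "bob", "dave"},
    "linux_hosts": {"carol", "dave"},
}

# Constructed audit date used when deciding whether a leaver date has passed.
AUDIT_DATE = date(2020, 3, 1)

def find_orphaned_accounts(roster, silos, today):
    """Return findings for accounts that should no longer exist.

    A finding is (silo, username, reason). Two reasons are reported:
    - 'terminated': the user left the company but is still provisioned
    - 'unknown': the account has no matching HR record at all
    """
    findings = []
    for silo, users in sorted(silos.items()):
        for user in sorted(users):
            record = roster.get(user)
            if record is None:
                findings.append((silo, user, "unknown"))
            elif record["status"] == "terminated" and record["left"] <= today:
                findings.append((silo, user, "terminated"))
    return findings

def silos_by_user(findings):
    """Group findings by user so deprovisioning can be tracked per identity."""
    grouped = {}
    for silo, user, _reason in findings:
        grouped.setdefault(user, []).append(silo)
    return grouped

if __name__ == "__main__":
    for silo, user, reason in find_orphaned_accounts(HR_ROSTER, SILO_ACCOUNTS, AUDIT_DATE):
        print(f"{silo}: {user} ({reason})")
```

In practice the two dictionaries would be populated from the platforms’ own exports; the reconciliation logic stays the same regardless of how many silos are involved.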
Reference: https://securityboulevard.com/2020/03/azure-ad-for-single-sign-on-sso/