If you have been following our blog posts and/or have been exploring Windows Azure Active Directory, you’ve probably read about how you can use it to connect your organization’s on-premises Windows Server Active Directory identities to the cloud, and how this enables your users to single sign-on into cloud-based applications without needing to log in with additional passwords. And you may have wondered what cloud-based applications work with Windows Azure Active Directory?
You can find these in the Windows Azure Active Directory application gallery.
The application gallery is part of the latest application access enhancements for Windows Azure Active Directory, which are currently in preview. The gallery provides access to a wide variety of popular SaaS applications that your users can single sign-on to from Windows Azure Active Directory today. This includes Microsoft’s cloud apps and services like Office365 and Dynamics CRM Online, and third-party applications like Salesforce.com and Box that you may already be using and want to connect to Windows Azure Active Directory.
Here is what you see when you want to add an application for your organization to use:
Today Windows Azure Active Directory supports more than 500 pre-integrated applications, and we are adding hundreds more in the coming months. You can use the application gallery to find your existing apps, as well as discover new ones.
If there’s an application you need that we don’t integrate with today, we’d definitely like to hear from you. Head over to the Windows Azure Active Directory forum and leave a comment about what applications you would like to see added.
We are adding 3-4 apps a day, so we can get new apps working pretty quickly once we know which ones to prioritize!
There are several types of applications that appear in the application gallery:
- Microsoft applications: Microsoft applications like Office365 and Dynamics CRM Online are present in the application gallery. There is no configuration required to connect Office365 applications. For example, all you need to do is follow the sign-up link in the application gallery to sign up using your Windows Azure Active Directory account, and Office365 does the rest.
- Applications that support federated single sign-on and automated user account provisioning: Many of the larger and more advanced cloud services support federation using SAML and expose APIs we can use for user provisioning. This includes applications like Salesforce.com, Box, and Google Apps. You can configure Windows Azure Active Directory to push user accounts to these applications. Once one of these applications is selected and added, you will be guided through a simple process to connect Windows Azure Active Directory to your application for provisioning and single sign-on.
- Applications that support federated single sign-on: These applications support SAML-based single sign-on, so users do not need another password, but they do not expose APIs for user provisioning. Once this kind of application is added, our service walks you through a guided tour with step-by-step instructions on how to configure each specific application to work with Windows Azure Active Directory.
- Applications that support password-based single sign-on: Windows Azure Active Directory includes password vaulting capabilities, and we use these plus a browser helper object to provide an SSO experience for cloud services that only support signing in with a username and password. This means that even for these relatively unsophisticated services, we can automate the user’s sign-in process, using credentials that can be provided either by an administrator or by the user upon first-time use.
The application gallery indicates which of these features are supported in the application description, and provides a link to learn more about the application, including any prerequisites. For more details about these capabilities, see Application access enhancements for Windows Azure AD.
I think you’ll find that this set of capabilities delivers an amazing combination of improved security and control while delivering a simplified employee/end-user experience.
And as always, if you have any suggestions or feedback, we’d love to hear from you!
Alex Simons (twitter: Alex_A_Simons)
Director of Program Management
Active Directory Team