Microsoft’s Vision for Cloud-Based Federated Authentication

As a Microsoft partner with several gold competencies and cloud memberships, we are entitled to an extensive suite of internal-use licenses for many of Microsoft's on-premises and cloud products. During our recent rollout of Office 365, the elegance of Microsoft's long-term vision of federating authentication (which has been evolving since the release of Active Directory Federation Services (ADFS) 1.0 in 2005) really stood out.

Once an ADFS 2.0 infrastructure was in place, federating authentication with our hosted Office 365 environment was relatively easy. Our users now have access to hosted versions of Lync, Exchange and SharePoint using their familiar domain credentials. Up next for us is migrating our current Dynamics CRM Online deployment into the Microsoft Online Services portal environment where our Office 365 environment is managed. Once this change is complete, CRM will leverage the same ADFS-based federated authentication platform. Our federated authentication infrastructure also lets us take advantage of Azure Connectivity Services (ACS) from several environments we run on Amazon Web Services (AWS). We leverage AWS's IaaS capabilities to host several of our newest public-facing properties, including this very blog and our Ideas site (ideas.appliedis.com), where we post select premium content for clients and potential clients. By claims-enabling our MVC 3.0-based Ideas site, we can leverage ACS to authenticate with Facebook, Yahoo and Google. But we are also able to use it to authenticate against our corporate Active Directory environment via ADFS. Using this same approach, we enabled federated authentication for our WordPress blog: with the ACS Plugin for WordPress, WordPress authenticates against our corporate AD environment and gives our busy AIS bloggers another single sign-on experience.

We have also begun to take advantage of ADFS to simplify the deployment and management experience for many of the cloud-based solutions we build for our customers. A solution that is currently under development will be hosted on AWS and leverage the client's on-premises ADFS infrastructure to simplify their account management process. From a deployment standpoint, this configuration is very elegant: we won't need to implement any type of VPN between the on-premises ADFS infrastructure and the cloud-hosted application, and the client is able to manage credentials using their familiar AD environment.

The next building blocks in Microsoft's authentication federation vision are now moving into place. Windows Azure Active Directory (WAAD) is the service upon which Office 365 directories are built and into which ACS is being rolled. WAAD is not a general-purpose cloud-based directory service, at least not yet. One has to wonder whether, in repositioning ACS as part of WAAD, Redmond is signaling a future intention of providing a truly extensible cloud-based directory service: one that could allow organizations to rely exclusively on a cloud-based directory and eliminate their on-premises Active Directory infrastructures.


About Kevin Griffie

Kevin Griffie is a Practice Manager at AIS, responsible for the delivery of solutions to our commercial clients in the North East corridor. He has over 28 years of experience in the IT industry with a diverse background in both software and infrastructure across a wide range of environments. Kevin’s current mission is to work with our clients to help them leverage new technology in ways that help them transform their businesses. His current focus areas include cloud-based solutions, mobile device information delivery and Windows 8. Kevin has been with AIS for 25 years.