Microsoft has opened its Active Directory (AD) to general availability on Windows Azure, giving developers a single-sign-on service for access to the suite of Microsoft services, third-party apps and SaaS providers.
Active Directory is the long-time single point of access to Microsoft Windows technologies. Windows Azure AD compatibility means customers can provide online controls similar to those that had traditionally been integrated into servers managed by customers and their IT departments. Like Active Directory, the Windows Azure version eliminates the need for usernames and passwords, which can be a major security hole. IT can use Windows Azure AD to manage permissions and revoke access when employees leave the company or change jobs.
Microsoft has also added capability for IT pros to manage identity privileges through Azure or their Microsoft accounts.
The move highlights the shift from the on-premises server room to the cloud and the identity changes that come with it. But it’s not just about access to systems of record such as ERP for managing corporate finance. The cloud is more about the systems of engagement, meaning all the mobile apps and the access points through REST-based APIs.
The move to the cloud has given rise to a new generation of identity services that seek to serve as the gateway to these systems of engagement. Okta is one of the early entrants. Salesforce.com is also developing an identity system.