You should connect your Active Directory to the cloud

Sound scary?  Well it’s not, but it’s critically important in spurring cloud adoption in your organisation and therefore a set of key skills for IT Professionals.  We have a technology toolset called Active Directory Federation Service (ADFS 2.0) that uses a set of secure protocols like SSL and Public Key encryption to provide Single Sign On to applications that are not hosted inside your network.  It doesn’t even require a physical connection between your Active Directory Directory Service (AD DS) and the application, or even for you to dangle your AD DS on the internet like tasty shark bait.  In fact you don’t even have to place your AD DS into a DMZ.  All this means you can provide secure single sign on…but why would you and how do you?  (hint the how is at the bottom).

Lets take a look why.  What are the applications that your users use most frequently and easily?  Probably Word, Excel, PowerPoint…then probably some line of business apps (LOB).  How do people sign onto those LOB apps?  If you’re in a good place then they don’t need to, they just launch the app and get signed in automatically but if you aren’t then they probably need extra user names and passwords.  How many helpdesk calls does that create?  What perception of IT services in your organisation does that create?  I know, I’ve been there….the answer is usually lots of calls, poor perception.  That user experience can be better with simple AD authentication for the application.

The pain not having single sign on with a cloud application can be extreme.  Imagine this scenario:

what happens without ADFS

But with ADFS 2.0 in place all that has to happen is that the user remembers their Windows password and logs in.  Just once and it’s far more secure because your organisation is in charge of the password reset policy, the complexity policy and most importantly – because they don’t have to remember lots of passwords they stop writing them down on their desks.

We’re pretty serious about this being a major piece of the cloud for the IT Professional, so much so that both @deepfat and I took two days out a week or so ago for offsite training on how to build ADFS 2.0 infrastructures.  It’s not all that complex either…once you have an understanding of PKI.  But to make it even easier you’ll find whitepapers that take a step by step approach to the technology just here: Single Sign-On from Active Directory to a Windows Azure Application Whitepaper .  Not only is this essential for Azure it’s also essential to know for the best possible Office365 integration.

What do you think?