Microsoft Azure Active Directory (Azure AD) is Microsoft’s cloud service that provides identity and access management. It provides the ability to manage user identities and access rights. Azure AD combines core directory services, access management, and identity protection into a single solution.
Azure AD allows your users to sign in and access the resources which are in external resources such as Office 365 and thousands of other SaaS applications. It also allows your users to gain access to internal resources such as applications on your company network and intranet.
How does Azure Active Directory or Azure AD work?
The Azure Active Directory Authentication (Azure AD Authentication), takes place in the following steps:
- The user navigates to the application and requests access.
- An authentication request is sent to the miniOrange Broker Service.
- miniOrange Broker identifies the Azure AD and sends authentication requests of Azure AD.
- Azure AD authenticates the user and generates the SAML token, LDAP authentication Response is sent to the broker.
- miniOrange broker posts the SAML response to the Service provider (Application) via the user’s browser.
- The service provider (Application) verifies the SAML response and access is granted to the user.
Azure Active Directory or Azure AD Authentication Components
- Service Provider- Service providers are responsible for communications between the user, an identity provider that maintains a user directory. In this case, Azure AD is an identity provider and the application could be a Service provider.
- Service Provider- A service provider provides services to the end user. Service providers rely on identity providers to assert the identity of a user, and typically certain attributes about the user that are managed by the identity provider. Service providers may also maintain a local account for the user along with attributes that are unique to their service.
- Identity Provider- Here Azure Active Directory (Azure AD) is an identity provider. So here Azure AD as an Identity Provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.
Limitations of Azure Active Directory Authentication or Azure AD Authentication
- Limited MFA methods: Azure AD Authentication supports limited Multi-Factor Authentication (MFA) methods.
- No Group policy: Azure AD has few policy tools like conditional access, but it is more focused on granting access.
- No support for NTLM or Kerberos: Azure AD Authentication supports only modern authentication protocols like OAuth, SAML & OpenID Connect.
- Limited OAuth support: Azure AD Authentication does not have support for all OAuth grants.
- No support to extend or customize existing protocols with custom apps.
- Limited support for Device, location, and time-based access policies.
Azure AD VS miniOrange IdP
|Features||Azure AD||miniOrange IdP|
|Multi-Protocol support||Supports only a few modern authentication protocols (OAuth, SAML & OpenID Connect)||Fully supports all protocols for Authentication.|
|Multi-Factor Authentication||Supports limited Multi-Factor Authentication methods.||Supports 15+ Multi-Factor Authentication methods.|
|Pricing Plans||A fixed annual subscription. ( No quote-based pricing plan).||A flexible monthly & quote-based pricing plan for all size organizations.|
|Security||Doesn’t support.||It supports fraud prevention, social login, and cloud security.|
|Adaptive Authentication||Doesn’t support.||It supports Adaptive Multi-Factor Authentication.|