Microsoft Azure Active Directory

What is AZURE AD ?

Microsoft Azure Active Directory (Azure AD) is Microsoft’s cloud service that provides identity and access management. It provides the ability to manage user identities and access rights. Azure AD combines core directory services, access management, and identity protection into a single solution.

Azure AD allows your users to sign in and access the resources which are in external resources such as Office 365 and thousands of other SaaS applications. It also allows your users to gain access to internal resources such as applications on your company network and intranet.

How does Azure AD works ?

The authentication process using the Azure Active Directory (Azure AD), takes place in the following steps:

  1. The user navigates to the application and requests the access.
  2. An authentication request is sent to the miniOrange Broker Service.
  3. miniOrange Broker identifies the Azure AD and sends authentication request of Azure AD.
  4. Azure AD authenticates the user and generates the SAML token, LDAP authentication Response is sent to the broker.
  5. miniOrange broker posts the SAML response to the Service provider (Application) via the user’s browser.
  6. The service provider (Application) verifies the SAML response and access is granted to the user.

azure active directory ad workflow diagram


Azure AD Components

  • Service Provider- Service providers are responsible for communications between the user, an identity provider that maintains a user directory. In this case, Azure AD is an identity provider and application could be a Service provider.
  • Service Provider- A service provider provides services to the end user. Service providers rely on identity providers to assert the identity of a user, and typically certain attributes about the user that are managed by the identity provider. Service providers may also maintain a local account for the user along with attributes that are unique to their service.
  • Identity Provider- Here Azure Active Directory (Azure AD) is an identity provider. So here Azure AD as an Identity Provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.

Limitations of Azure AD

  • Limited MFA methods: Azure AD supports limited Multi-Factor Authentication (MFA) methods.
  • No Group policy: Azure AD has few policy tools like conditional access, but it is more focused on granting access.
  • No support for NTLM or Kerberos: Azure AD supports only modern authentication protocols like OAuth, SAML & OpenID Connect.
  • Limited OAuth support: Azure AD does not have support for all OAuth grants.
  • No support for 2FA on VPN: Radius server
  • No support to extend or customize existing protocols with custom apps.
  • Limited support for Device, location and time-based access policies.

  • Azure AD VS miniOrange IdP

    Features Azure AD miniOrange IdP
    Multi-Protocol support Supports only a few modern authentication protocols (OAuth, SAML & OpenID Connect) Fully supports all protocols for Authentication.
    Multi-Factor Authentication Supports limited Multi-Factor Authentication methods. Supports 15+ Multi-Factor Authentication methods.
    Pricing Plans A fixed annual subscription. ( No quote based pricing plan). A flexible monthly & quote based pricing plan for all size organizations.
    Security Doesn’t support. It supports fraud prevention, social login, and cloud security.
    Adaptive Authentication Doesn’t support. It supports Adaptive Multi-Factor Authentication.

    Related Articles: