Most business organizations rely on Microsoft Active Directory or its hybrid offering, Azure AD, to manage users and carry out day-to-day essential IT tasks. However, it is not uncommon to find businesses using directory services to control access to other business applications that are used in the organization. These can be an internal communication application, a mail-hosting service, or any sales enablement application.
Since these SaaS applications depend on their own native user directories to provision access and permissions, end users have been forced to remember credentials not only for their Windows network, but for each SaaS application they use as well. This proved to be a hassle: as the number of applications end users used grew, so did the number of credentials they had to remember. This led to an increase in helpdesk calls and poor password habits. In addition, administrators had to painstakingly map AD users to the corresponding accounts in SaaS applications by hand.
To eliminate such hassles and ensure a seamless user experience for the end user, Single Sign-On (SSO) was established. With SSO, users could sign on to the Windows network once, and then easily gain access to their SaaS applications without having to enter an additional set of credentials.
There are three ways in which a hybrid Active Directory can integrate with SaaS applications to enable SSO. They are:
- Independent Integrations with AD
- Leveraging Microsoft AD Federation Services (AD FS)
- Using third-party solutions
Independent Integrations with AD
Most popular SaaS applications offer their own AD integration tool. If that is not the case, their API can be used to develop a close integration between your hybrid directory service and the application. However, the drawback of these independent integrations is the need to install and maintain tools from each SaaS application vendor. With the dependence on SaaS applications growing, organizations will have to maintain a portfolio of such tools for all the SaaS applications, which increases IT costs and complexity.
Leveraging Microsoft AD Federation Services (AD FS)
Microsoft released Active Directory Federation Services (AD FS) 2.0 during the launch of their Windows Server 2008 R2. It provided organizations with a comprehensive way of dealing with SSO for third-party applications. However, the downside of leveraging AD FS to enable SSO is that it does not natively support user synchronization, nor does it address user provisioning or de-provisioning.
Using Third-Party Solutions
Unlike the application's own integration tools, third-party companies provide complete solutions that integrate with existing hybrid AD infrastructure to extend SSO to end users.