Today I’m thrilled to be able to share the new application access enhancements we’ve just addded to Windows Azure Active Directory that are now available in preview. Starting today you can experience these enhancements which include:
- Pre-integrated SSO with top Software-as-a-Service (SaaS) apps like Office 365, Box.com, Salesforce.com, Concur, DropBox & Google Apps Gmail, plus 40 more.
- A simple, easy to use end-user access panel with one click access to the SAAS apps your company makes available to each employee.
- All of this functionality is free both in preview and will remain free when it is released for General Availability.
These improvements build upon the capabilties I’ve previously blogged about in Windows Azure AD.
Starting today, anyone with Windows Azure AD tenant can opt-in to the application access enhancements preview to try out new capabilities. With a few easy steps you’ll be able to control access to many of the top Software-as-a-Service (SaaS) applications your company uses, through one simple management experience.
(Note: If you don’t have a Windows Azure AD tenant here’s how to get one.)
The new capabilities we’re making available today in preview include:
- A gallery of pre-integrated SaaS apps including top apps like Office 365, Box.com, Salesforce.com, Concur, DropBox & Gmail (plus 40 more).
- Easy SSO configuration using SAML federation or secure password mangement.
- User provisioning integration with top SaaS apps like Box, Salesforce.com and Gmail.
- Simple security reports reporting user logins and suspicious logins.
- A browser based end-user access panel which makes it easy for employees to find the SaaS apps you’re organization provides them and to Single Sign On (SSO) to those applications.
Fig 1: Access Panel enables end-users to easily access a large set of pre-integrated SaaS apps.
You can access the preview by opting in for “Application access enhancements” here: http://www.windowsazure.com/en-us/services/preview/. (Note you will need to be the Global Admin for your Windows Azure AD Tenant to turn on access.)
After you join the preview, go to the Windows Azure Management Portal at https://manage.windowsazure.com/. The preview application access features will be available in the APPLICATIONS tab in the Active Directory section.
The official announcement of the preview is here if you are interested in reading about it and the other new capabilities that have recently been added to Windows Azure.
Integrate and Manage SaaS applications in Windows Azure Active Directory
Once you have enabled the preview in your tenant, with a few simple steps you can now select from the list of applications that are pre-integrated in the application gallery under the “Applications” tab in the Active Directory section of the Windows Azure Management portal. Just click on the “Add” button in the tray at the bottom and follow the directions.
Fig 2: Manage your organization’s customer cloud-based applications as well as preintegrated SaaS applications using Windows Azure Active Directory.
Fig 3: SaaS App Gallery
Once you have selected a SaaS app, you can quickly configure it for use and assign it to your employee. We support a number of single-sign methods for the pre-integrated SaaS applications including SAML federation and password-based SSO.
For a set of SaaS apps, we are also previewing user provisioning and de-provisioning. This set includes Box.com, Salesforce.com and Gmail.
In the preview you can also review security reports associated with signons by your organization’s end users via the Access Panel or to Windows Azure, Office 365 or Windows Intune
Fig 4: Security reports on end-user access in Windows Azure AD.
For those of you who are using Office 365 you will find that Office 365 application access is automatically supported within the Windows Azure management portal and no additional configuration is required.
After you have selected and configured the SaaS applications you want to make available to your employees, any user you have assigned an application to in your Windows Azure AD tenant can single sign in to the applications using the access panel located at https://account.activedirectory.windowsazure.com/applications/.
I really hope you will sign up for the preview and give these new the application access enhancements a try. Again, just go to the Windows Azure Preview Features and opt in! Once you’ve given these new capabilities a trial run, we’d love to hear from you via the Windows Azure Active Directory forum!
Your feedback and suggestions are critical to use and we are looking forward to hearing from you.
And just one last reminder – there is no cost to participate in this preview. These identity and access management capabilities will be included as part of Windows Azure Active Directory when they reach general availability at no cost.
This is another step in our continuing effort to bring secure, enterprise grade identity and access management capabilities to Windows Azure. Over the coming months we’ll continue too add many new capabilities that support and augment this preview.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management