
Microsoft Azure: Authentication and Authorization


Identity management is one of the most important topics in the cloud, especially in the public cloud. This blog covers identity management for Microsoft Azure.

Customers who need access to a public cloud reach it in one of three ways, so we can speak of three types of customers: a large enterprise, a small enterprise, and an individual working from home and accessing Azure.

Let's go through each of them.

Large Enterprises: Integrating a Subscriber's Own Identity Mechanism



• A large enterprise subscriber authenticates with its own identity provider (step 1), in this case Active Directory Federation Services (ADFS).
• After successfully authenticating a user, ADFS issues a token. The client browser forwards the token to the Azure federation provider, which trusts tokens issued by the customer's ADFS (step 2).
• If necessary, the federation provider transforms the customer's claims in the token into claims that the SaaS application recognizes (step 3) before returning a new token to the client browser.
• The application trusts tokens issued by the Azure federation provider and uses the claims in the token to apply authorization rules (step 4).


Small Enterprises: Providing an Identity Mechanism for Small Organizations

• A smaller company authenticates with the Azure identity provider (step 1) because its own Active Directory can't issue tokens that will be understood by the Azure federation provider.
• If the Azure identity provider can validate the credentials, it returns a token to the client browser that includes claims such as the user's identity and the tenant's identity. The client browser forwards the token to the Azure federation provider, which trusts tokens issued by the Azure identity provider (step 2).
• If necessary, the federation provider transforms the Azure identity provider's claims in the token into claims that the SaaS application recognizes (step 3) before returning a new token to the client browser.
• The application trusts tokens issued by the Azure federation provider and uses the claims in the token to apply authorization rules (step 4).

Working from Home and Accessing Azure: Integrating with Social Identity Providers

• The federation provider is configured to trust tokens issued by a third-party identity provider, such as an identity provider that authenticates a Microsoft account or OpenID credentials. Ycompany plans to use Windows Azure Access Control to implement this scenario.
• When an individual user authenticates with his or her chosen identity provider (step 1), the identity provider returns a token to the client browser that includes claims such as the user's identity.
• The client browser forwards the token to the Azure federation provider, which trusts tokens issued by the third-party provider (step 2).
• If necessary, the federation provider transforms the claims in the token into claims that the Azure application recognizes (step 3) before returning a new token to the client browser.
• The application trusts tokens issued by the federation provider and uses the claims in the token to apply authorization rules (step 4). When the user tries to access their surveys, the application will redirect them to their external identity provider for authentication.
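
The four steps shared by all three scenarios above, as an added Python sketch (not code from this blog or from Azure): an identity provider issues a signed token, the federation provider accepts it only from an issuer it trusts, maps the claims, and re-issues a token that the application checks. Issuer names, keys and claim names are constructed, and HMAC stands in for the certificate-based signatures real SAML or JWT tokens carry.

```python
import hashlib, hmac, json

# Constructed demo keys and issuer names (assumptions; real deployments use
# certificate-based signatures on SAML/JWT tokens, not shared HMAC secrets).
IDP_KEYS = {"adfs.bigcorp.example": b"adfs-demo-key",
            "social-idp.example": b"social-demo-key"}
FP_ISSUER, FP_KEY = "azure-fp.example", b"fp-demo-key"

# Per-issuer rules mapping incoming claim names to the names the app expects.
CLAIM_MAP = {"adfs.bigcorp.example": {"upn": "name", "group": "role"},
             "social-idp.example": {"email": "name"}}

def issue(issuer, key, claims):
    """Steps 1-2: an issuer signs the claims it asserts about the user."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def verify(token, trusted):
    """Return the token payload only if a trusted issuer signed it."""
    payload = json.loads(token["body"])
    key = trusted.get(payload.get("iss"))
    if key is None:
        raise PermissionError("untrusted issuer")
    good = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, token["sig"]):
        raise PermissionError("bad signature")
    return payload

def federate(token):
    """Step 3: the federation provider validates, maps claims, re-issues."""
    payload = verify(token, IDP_KEYS)
    rules = CLAIM_MAP[payload["iss"]]
    # Claims without a mapping rule are dropped, not passed through.
    mapped = {rules[k]: v for k, v in payload["claims"].items() if k in rules}
    mapped["idp"] = payload["iss"]          # record who authenticated the user
    mapped.setdefault("role", "user")       # social users get a default role
    return issue(FP_ISSUER, FP_KEY, mapped)

def authorize(token, required_role):
    """Step 4: the app trusts only the federation provider's tokens."""
    claims = verify(token, {FP_ISSUER: FP_KEY})["claims"]
    return claims["role"] == required_role

def demo():
    adfs = issue("adfs.bigcorp.example", b"adfs-demo-key",
                 {"upn": "alice@bigcorp.example", "group": "admin"})
    return authorize(federate(adfs), "admin")
```

Because the mapping is an allow-list per issuer, a social identity provider that sends its own `role` claim cannot grant a role in the application; only the federation provider's rules decide which claims reach step 4.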
