Azure Active Directory Access Control for Web and/or Apps in an On-Premise and Azure ADFS environment

  • Question


  • Looking over several methods for claims/authentication for cloud-based websites/apps, I ran into ACS, which seems to be what we need for any type of claims and/or authentication for Azure. I've never used ACS before, so if I sound like a newb, I am.

    The question I have is, we have an on-premise domain, which is linked to Azure using ADFS. I do not currently have any domain controllers in Azure for cloud-based authentication.

    If we implement ACS, the app, or web page, will need to authenticate the User to the Identity Provider, which I assume right now is our on-premise Active Directory. Is that correct?

    I would rather have all authentication happen in the cloud. Is there a way of having ACS authenticate against Azure AD without the need to come back to our on-premise servers, or do I need to build a Domain Controller in Azure to make this happen?


    • Edited by netlander Tuesday, February 24, 2015 5:56 PM
    Tuesday, February 24, 2015 5:54 PM

All replies

  • Hi,

    As per my research, since you have an on-premises domain linked to Azure using ADFS, it will try to authenticate there, as per your assumption.

    To authenticate everything in the cloud, it seems you need to create an ACS on Azure and can then manage it over there. The guide which you linked mostly covered all the useful steps.

    Highlighting important points below:
    If you are already an Azure Active Directory customer who has your on-premise Active Directory based identities synced to Windows Azure, you can leverage this post to use ACS as your Identity Provider directly, without ADFS in the middle.

    Use Cases:
    1. Enterprises with on premise active directory already directory synced with Azure AD or have Office 365 based user accounts and have already federated all of their partners with ACS
    2. Enterprises who do not want the overhead of deploying and maintaining an ADFS farm
    3. Infrastructure-free organizations that have all services already hosted in the public cloud and do not want to pursue the option of installing a local AD or AD FS instance.

    This post will guide you through the following steps:
    1. Create an Access Control Namespace on Windows Azure

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 26, 2015 9:08 AM
  • Do you have a link to that?
    Friday, February 27, 2015 3:57 PM
  • Hi,

    Below is the link which you can refer to.
    Setting up Windows Azure Active Directory ACS to provide identities to Windows Azure Pack
    http://blogs.technet.com/b/privatecloud/archive/2014/01/17/setting-up-windows-azure-active-directory-acs-to-provide-identities-to-windows-azure-pack.aspx

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    Saturday, February 28, 2015 2:20 AM