Password Management through Azure Active Directory
by Kate Smith, Director, Sales & Marketing
In our day-to-day working lives, we spend most of our time online or connected in some way to the Internet. Personally, I am accessing numerous applications and websites during the day, including Microsoft Office 365, Salesforce.com, Constant Contact as well as at least a dozen partner websites that all require a username and password to log in. Following password management best practices, each site that requires me to log in entails a separate and distinct email and password combination. Remembering these unique authentication credentials can range from cumbersome to downright impossible. Fortunately, Microsoft has a wonderful tool to assist Office 365 users with security and productivity.
According to Microsoft, “As the number of SaaS apps grows, it becomes challenging for the administrators to manage accounts and access rights, and for the users to remember their different passwords. Managing these applications individually creates extra work and is less secure.” (Microsoft, 2017) When employees are tasked with keeping track of login credentials across multiple SaaS applications, websites, etc., we must assume there is some level of security compromise. In our dealings with customers, we have seen it all: employees who use one password or a few versions of one password for all their accounts, employees who save passwords in Word documents or, even worse, on sticky notes around their desk, and employees who use a password manager through an application or via a USB drive.
Let’s consider another example. An employee has left the organization and the IT department needs to limit or remove account access across dozens of applications and sites. This is a huge waste of time for an IT administrator who must manually revoke access to third-party apps and sites. Lastly, let’s consider an employee who is interested in a new Microsoft offering and sets up a trial account. Again, this account and its credentials are outside the scope of the IT department and are not governed by any security posture the organization has put in place to guard against security vulnerabilities. All the scenarios I have just described pose serious security concerns.
So how do organizations ensure security across SaaS applications and third-party websites while boosting employee productivity? “A solution for all of these challenges is single sign-on (SSO). It's the simplest way to manage multiple apps and provide users with a consistent sign-on experience. Azure Active Directory (Azure AD) provides a robust SSO solution and has many available pre-integrated applications, with tutorials for admins to quickly set up a new app and start provisioning users.” (Microsoft, 2017)
Microsoft Azure AD (Active Directory) allows IT departments to integrate applications and sites in two ways:
- “If the app is pre-integrated in the app Gallery, you can go through that portal to set up apps and configure the settings to allow SSO. For any Gallery app, you can get started by following the simple step-by-step instructions presented in the app gallery and in the Azure portal to enable single sign-on.
- If the app is not in the Gallery, you can still set up most apps in Azure AD as a custom app. This requires a bit more technical expertise to configure. You can add any application that supports SAML 2.0 as a federated app, or any application that has an HTML-based sign-in page as a password SSO app.” (Microsoft, 2017)
For detailed information on how single sign-on through Azure Active Directory works, read the full documentation, Integrate Azure Active Directory single sign-on with SaaS apps.
Microsoft. (2017, February 2). Integrate Azure Active Directory single sign-on with SaaS apps. Retrieved from docs.microsoft.com: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-sso-integrate-saas-apps
About the Author
Kate Smith, SecurElement’s Director, Sales & Marketing, is responsible for SecurElement’s overall sales and marketing strategy as well as ongoing partner relationships with organizations such as Microsoft, Cisco, Barracuda and many others.