News

Microsoft Opens Up Cloud ID Management to Developers

This preview release only supports the PowerShell-based IT administrator tool, but support for a GUI-based management module is coming.

• By Kurt Mackie
• 07/17/2012

Cloud identity management is a key aspect of helping grow cloud-based computing, since clouds have particular security concerns.

Toward that end, Microsoft has enhanced the June Developer Preview of Windows Azure Active Directory with two additions aimed at opening up the service to third party developers.

The cloud identity management service, which is used in Office 365, Dynamics CRM Online and Windows Intune, was incorporated into the spring release of Windows Azure, according to a "Reimagining Active Directory for the Social Enterprise" blog by Microsoft Technical Fellow John Shewchuk. The Developer Preview was formally launched on June 7th.

The additions last week to the Developer Preview support a couple of key new features. One is a REST-based directory Graph API, which allows an application to tap Windows Azure AD data. The other is Web single sign-on capability that developers can use to build cloud-based applications that will have a single user log-on experience across applications including Microsoft's Office 365 cloud-based apps.

Microsoft is still building out its Windows Azure AD capabilities, so this preview release only supports the PowerShell-based IT administrator tool, according to a blog by Alex Simons, director of program management for Microsoft's Active Directory Division. However, support for a GUI-based management module will arrive with a future release, he promised. The preview release also currently lacks "an AuthenticationStatement" for SAML 2.0 tokens, which could limit the federation capabilities of some third-party applications.

While Microsoft's announcement is primarily targeted at independent software developers, it may also be of interest to IT professionals checking Microsoft's progress in creating a single cloud-based repository to support organizational identity management needs. For instance, the advantages of using Windows Azure AD and Windows Intune to manage mobile devices was demonstrated at TechEd Europe last month by Brad Anderson, Microsoft's corporate vice president of the Management and Security Division. He described Microsoft's concept of how Windows Azure AD can be leveraged to impose governance and control over "unmanaged" mobile devices.

Microsoft lately has been providing fuller explanations about how Windows Azure AD will work. For instance, users of Office 365 and Windows Intune services already use Windows Azure AD in the background. It's offered as part of those services at no extra cost.

In general, Microsoft took a new approach to Active Directory when it enabled it for the cloud via Windows Azure AD. While Active Directory is the familiar Windows component that lets IT professionals set local network access privileges in their computing environments, Microsoft officials have described broader ideas for Windows Azure AD. They've promised that Windows Azure AD will enable single sign-on access across Office 365 cloud apps and other Microsoft applications. Windows Azure AD currently supports identity integration with social networking services, such as Facebook. Finally, Microsoft is finalizing the APIs to enable the sharing of Windows Azure AD data with applications built by third-party software vendors.

Developers interested in getting the Developer Preview can access a free trial of the Windows Azure service here. Links to various Windows Azure software development kits can be found here. In addition, Microsoft has uploaded a lot of test code, which is referenced in Simons' blog post here.