Windows Azure Directory – Single Sign-On at its best

Hey there, here’s Martin again.

Inspired from the SCU Show (http://www.systemcenteruniverse.com/) in Houston, I liked to write a blogpost about the Single Sign-On Feature of Windows Azure Directory. Assuming that you already using Directory Synchronization and ADFS or Password sync, this Blog goes further, by showing, how to use SSO for Facebook or Twitter.

First you have to Login to your Windows Azure Portal, then click on “Active Directory” and then click on your Domain:

Then click on Applications in the upper area and click on “Add” at the bottom of the page:

The next wizard asks you, if you would like an already existing app, or if you would like an own created application. In this case I choose “Add an application for my organization to use”, and in the next wizard we can search for already existing site which are supported for Single Sign-On like Facebook, Twitter, WordPress, Yammer, Xing, etc…:

If you have selected your application, it will be added to your application list and automatically asks you to assign users:

Click on “Assign users” and in the user List afterwards mark the selected user and click on assign on the bottom of the page:

Then Azure asks you if you already know the Login credentials, usually not, and then you can confirm the assignment:

If the assignment is finished without any error Messages, you can now Login to the application page https://myapps.microsoft.com with your Domain Credentials. Then when you have added multiple Apps, it could Looks like this:

When the user now clicks on an application for the first time on a machine, it Needs to install an Add-On on the specific machine, local administrator rights are needed:

Mind to enable the Add-On after the Installation:

When you click on your application again after installing and enabling the Add-On you will be asked for the logon credentials for the specific application:

When you have entered your Information, you will be logged on automatically to your application.