Can I use Azure for SSO to multiple websites

Question

Hi,
by way of introduction: I am a studying System and Network Engineer and am doing an internship right now. For my thesis I will be diving into the world of On Premise AD combined with Azure AD.
My question : the company where I'm doing my internship builds custom machines and they use a lot of webshops to order parts and tools. Right now they just have an excel file with all the account information for these webshops, which is obviously far from ideal.
Reading docs on Azure and watching some YouTube explanations, I got the idea of using Azure as a means of SSO to make this more secure. I thought if a webshop could somehow be integrated as an application, then we could just make groups with the users that have access to certain webshops and link those groups to the webshop 'applications'. That way, when an employee that had access to these webshops with the company acccount leaves, he/she would automatically lose that access since it's linked to the Azure AD account.
Am I thinking to simple? Is this at all possible?
I welcome any insight on this.

Kind regards,
Edwin

Answer 1

Hi Edwin,

Thank you for posting your query. You are absolutely right, when you use Azure AD, you can simplify your identity management. Azure AD takes care of your users and authentication. Your application can focus on the business logic, without worrying the usermanagement.

When you have many applications in an organization, integrating the application with Azure AD simplifies the user experience, as the users will be able able to access various applications using their Azure AD account.

The following guide will help you how to set up Azure AD sign in to a web application.

https://learn.microsoft.com/en-us/azure/active-directory/develop/web-app-quickstart?pivots=devlang-aspnet-core
https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-overview?tabs=aspnetcore&view=aspnetcore-6.0

To Answer your query, "Is that possible", - Yes it is possible and is already available for you. Refer the quick start guides and start building.

Answer 2

Hello @ @Edwin Rombouts ,

In addition to what sreejukg suggested, There are several ways you can configure an application for SSO. Choosing an SSO method depends on how the application is configured for authentication.

• Cloud applications can use OpenID Connect, OAuth, SAML, password-based, or linked for SSO. Single sign-on can also be disabled.
• On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked for SSO. The on-premises choices work when applications are configured for Application Proxy.

This flowchart can help you decide which SSO method is best for your situation.

The following SSO protocols are available to use:

• OpenID Connect and OAuth - Choose OpenID Connect and OAuth 2.0 if the application you're connecting to supports it. For more information, see OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform. For steps to implement OpenID Connect SSO, see Set up OIDC-based single sign-on for an application in Azure Active Directory and Microsoft identity platform code samples
• SAML - Choose SAML whenever possible for existing applications that do not use OpenID Connect or OAuth. For more information, see Single Sign-On SAML protocol. For a quick introduction to implementing SAML SSO, see Quickstart: Set up SAML-based single sign-on for an application in Azure Active Directory.

To learn more, refer, to following guidance plan a single sign-on deployment. I hope this was helpful.

-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.