Developer Preview of Windows Azure AD Provides Single Sign-On, Graph API

Your cloud applications can now take advantage of the same identity system that powers Office 365, Dynamics CRM Online and Windows Intune. More than 250,000 companies and organizations use Windows Azure Active Directory today to authenticate billions of times a week. With a new developer preview you can now use Windows Azure Active Directory as true Identity Management as a Service.

Windows Azure AD gives businesses and organizations their own cloud-based directory for managing access to their cloud-based applications and resources.

Windows Azure AD synchronizes and federates with their on-premises Active Directory, extending the benefits of Windows Server Active Directory into the cloud.

What Windows Azure AD Brings You

Active Directory is most often used by midsize and large organizations where the substantial effort and cost necessary to build and keep an identity management system running have brought many benefits, including:

  • Single sign-on (SSO) and access control across a wide range of applications and resources.
  • Sharing of information between applications—for example, information about people, groups, reporting relationships, roles, contact information, printer locations, and service addresses.
  • Information protection that enables encryption and controlled access to documents.
  • Discovery of computers, printers, files, applications, and other resources.
  • Tools to manage users, groups, and roles; reset passwords; and configure and distribute cryptographic keys, certificates, access policies, and device settings.

The release expands on the Access Control Service that you use to map credentials. Windows Azure Active Directory Developer Preview provides two new capabilities for developers to preview:

  • Web Single Sign-On makes it easy to build cloud applications that deliver a Single Sign-On (SSO) experience for users logging on to their domain-joined PCs, on-premises servers and other cloud applications like Office 365.
  • Graph API brings the enterprise social graph contained in Windows Azure AD and Office 365 (and thus Windows Server AD as well) to the Internet and creates an opportunity for a breadth of new collaborative applications to be created. You can access details in Active Directory and execute create, read, update, and delete (CRUD) operations on Windows Azure AD objects such as users or groups. [Read only is available in this preview.] In the on-premises world, you would usually access Windows Server Active Directory programmatically by using ADSI or ADO.NET libraries. In the cloud world, you programmatically access Windows Azure AD using the Windows Azure AD Graph REST API.

When combined, these capabilities let you create applications that allow your users to sign on using the credentials they already use in their organization, and help you create new collaborative applications.

Guided Tour

An article by my colleague Haishi Bai provides a guided tour of Windows Azure Active Directory. It shows step-by-step how you can get started with the preview.

For More Information

For more information, see Announcing the Developer Preview of Windows Azure Active Directory.


Graph API. Java, PHP, and .NET code samples on GitHub. Windows Azure AD sample application.

Single sign-on code samples and demo applications for Single Sign-On:

Sample application for Windows Azure AD:


Bruce D. Kyle
Technical Evangelist | Microsoft Corporation