Why Is Identity Management Using Azure AD the Right Choice?
Let’s assume your business is looking at ways to bring the following capabilities into its application:
- Provide single sign-on to application users
- Enhance the legacy application to use modern authentication with minimal effort
- Enforce multi-factor authentication for all logins outside the company’s network
- Develop an application to allow customers to enroll and securely manage their account data.
Then managing identity with Azure Active Directory is a great choice for you.
SSO with Azure Active Directory
Azure Active Directory (AD) is a cloud-based identity service that has built-in support for synchronizing with your on-premises Active Directory and can also be used standalone. So all your applications, whether they run on-premises, on any cloud platform, or even on mobile, can share the same credentials.
By leveraging Azure AD for SSO you’ll also have the ability to combine multiple data sources into an intelligent security graph. For more detail on Intelligent Security Graph, visit
https://www.microsoft.com/en-in/security/operations/intelligence
Also, using Azure AD Connect, you can synchronize all on-premises directories. It has newer capabilities than other identity integration tools like DirSync and Azure AD Sync.
Azure AD has built-in Multi-factor Authentication (MFA) capabilities. Azure AD will also integrate with third-party MFA providers. MFA is provided free of charge to any user who has the Global Administrator role in Azure AD, as these are highly sensitive accounts. All other accounts can have MFA enabled by purchasing licenses with this capability and assigning a license to the account.

Conditional access policies
Azure Active Directory provides a conditional access policies (CAP) feature that supports access policies based on group, location, or device state. The location condition lets you distinguish IP addresses that don’t belong to the company’s network, which satisfies a security policy that requires multi-factor authentication from all such locations.
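
The location-based policy described above, written as Microsoft Graph request bodies (an `ipNamedLocation` and a `conditionalAccessPolicy`). This is an added example, not code from the original post: the CIDR ranges and display names are constructed, and `requires_mfa` is a hypothetical helper that previews only the location condition locally.

```python
import ipaddress

# Constructed sample values: documentation-range CIDRs standing in for the
# company's public egress addresses.
CORPORATE_RANGES = ["203.0.113.0/24", "198.51.100.16/28"]


def named_location_body(display_name, cidrs):
    """Request body for a trusted IP named location (Graph ipNamedLocation)."""
    ranges = []
    for cidr in cidrs:
        # strict=True rejects malformed CIDRs and ones with host bits set.
        net = ipaddress.ip_network(cidr, strict=True)
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}",
                       "cidrAddress": str(net)})
    return {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "displayName": display_name,
        "isTrusted": True,
        "ipRanges": ranges,
    }


def mfa_outside_network_policy():
    """Policy body: all users, all apps, any location except trusted -> MFA."""
    return {
        "displayName": "Require MFA outside the corporate network",
        # Report-only first, so sign-in logs show the impact before enforcing.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": ["AllTrusted"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def requires_mfa(source_ip, trusted_cidrs=CORPORATE_RANGES):
    """Local preview of the location condition only, not Azure AD's engine."""
    addr = ipaddress.ip_address(source_ip)
    nets = (ipaddress.ip_network(c) for c in trusted_cidrs)
    return not any(addr.version == n.version and addr in n for n in nets)
```

Running candidate ranges through `requires_mfa` against a sample of recent sign-in IPs before creating the named location shows which users would start seeing MFA prompts.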

Securing legacy applications
Suppose you have an administrative application hosted on-premises. Users currently authenticate to the application using Windows Integrated Authentication (WIA) from their domain-joined machines, behind the corporate firewall. In that case, Azure AD Application Proxy is the right choice for accessing your on-premises web applications from a remote client without any code changes. Remember that Azure AD Application Proxy is simple, secure and cost-effective.
Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
The following diagram shows how Azure AD and Application Proxy work together to provide single sign-on to on-premises applications.

Azure AD B2C to manage consumer identities
Azure Active Directory (Azure AD) B2C is a business-to-consumer identity management service. This service enables you to customize and control how users securely interact with your web, desktop, mobile, or single-page applications. Using Azure AD B2C, users can sign up, sign in, reset passwords, and edit profiles.
- Posted by admin
- On July 1, 2019