Thursday, May 9, 2013

Part-2: Setting up standalone Windows Azure Active Directory federation for your application


After setting up WAAD, we are ready to integrate single sign-on with our application. Before starting the integration, make sure you have installed the following extension for Visual Studio 2012.

· Identity and Access Tool extension for Visual Studio 2012.


Once the extension is installed, we are ready to integrate. Follow the steps below:

· Right-click the web application project and choose “Identity and Access” from the context menu.


· On the next screen select the option “Use a business identity provider”. This is where the FEDERATION METADATA DOCUMENT URL noted in Part-1 is used: enter it as the path to the STS metadata document, so the tool can read the issuer name and token-signing certificate of your WAAD tenant.


1) Enter the same “APP ID URI” that you provided when adding the integrated app in WAAD. This is the realm the application asks WAAD to issue tokens for, and the audience value the application will accept; if the two values differ, WAAD will either refuse the request or issue a token the application rejects.

2) Click OK.

The tool writes the necessary web.config entries to integrate WAAD with our application: it registers the WS-Federation and session authentication modules, denies anonymous access so unauthenticated requests are redirected to WAAD, records the APP ID URI as the audience, and pins the tenant's issuer name and token-signing certificate thumbprint from the federation metadata document.
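For reference, below is the shape of the web.config that results. This is an added example written for this post from the WIF 4.5 configuration model, not the tool's verbatim output. The tenant ID, the application URL used as APP ID URI/realm, and the certificate thumbprint are placeholders (assumed values); the two transport settings at the bottom are shown in their hardened form.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <!-- WIF 4.5 configuration sections (System.IdentityModel ships with .NET 4.5). -->
    <section name="system.identityModel"
             type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services"
             type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>

  <system.web>
    <!-- Forms/Windows authentication is off; WS-Federation handles sign-in.
         Denying anonymous users ("?") is what triggers the redirect to WAAD. -->
    <authentication mode="None" />
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- The signed token comes back as a form POST; request validation mode 4.5
         lets the federation module read it before validation rejects the XML. -->
    <httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
  </system.web>

  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule"
           type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
      <add name="SessionAuthenticationModule"
           type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>

  <system.identityModel>
    <identityConfiguration>
      <!-- Must equal the APP ID URI registered in WAAD (placeholder value here).
           A token issued for any other audience is rejected. -->
      <audienceUris>
        <add value="https://myapp.example.com/" />
      </audienceUris>
      <!-- Trusted issuer and its token-signing certificate, both taken from the
           FEDERATION METADATA DOCUMENT. Tenant ID and thumbprint are placeholders. -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
          <keys>
            <add thumbprint="0000000000000000000000000000000000000000" />
          </keys>
          <validIssuers>
            <add name="https://sts.windows.net/00000000-0000-0000-0000-000000000000/" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
      <!-- The signing key is pinned by thumbprint above, so X.509 chain
           validation is not what establishes trust in the issuer. -->
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
  </system.identityModel>

  <system.identityModel.services>
    <federationConfiguration>
      <!-- Hardened values. If the tool generated these as "false" for local
           http testing, set both to "true" before deploying: the session cookie
           carries the authenticated identity and must never travel over plain http. -->
      <cookieHandler requireSsl="true" />
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://login.windows.net/00000000-0000-0000-0000-000000000000/wsfed"
                    realm="https://myapp.example.com/"
                    requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
```

Two things to check after the tool has run: that the `audienceUris` value is byte-for-byte the APP ID URI from WAAD (a trailing slash difference is enough to fail validation), and that the thumbprint still matches the certificate in the federation metadata document, since WAAD rolls its signing certificate and a stale thumbprint surfaces as an untrusted-issuer error at sign-in. Re-running the tool against the metadata URL refreshes the pinned key.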

For more detail please look at

Part-1: Setting up windows azure active directory

To authenticate users of our application we can use Windows Azure Active Directory (WAAD), recently released by Microsoft. A user must sign in before performing any operation in the application.

To set up WAAD we need a Windows Azure subscription. With an active subscription, follow the steps below to set it up for your application.

Create Windows Azure Active Directory:

If you have not created a WAAD yet, you can create a new one by clicking the “Active Directory” tab on the left-hand side of the Windows Azure management portal.


Then click the “Create your directory” link within it; the “Create Directory” window appears.


Domain Name: This field is the part of the directory tenant's domain name that is specific to your tenant and distinguishes it from every other directory tenant. The domain name must be unique.

Country or Region: The value selected in this dropdown will determine where your tenant will be created.

Organization Name: This field is required; this name is displayed as the company name wherever one is shown.

Manage users in WAAD:

Once the WAAD is created, you will see it under the “Directory” tab. We are going to add a user as “Global Administrator”; we can also add normal users.



We can add more users to the directory by clicking the “ADD USER” link at the bottom of the window.


When you click “Add User”, you will see the screen below. Enter the details and click Next.


On the screen below we are creating a user as “Global Administrator”; we can also create a normal “User”. Ideally we do not need a “Global Administrator” at all: such a user is only needed when we have to administer WAAD using PowerShell, so create one only for that purpose and give everyday accounts the normal “User” role.


Finally click “Create”; this creates the new user in WAAD.


Add integrated application:

To add users we worked on the “USERS” tab; to add an application we will work on the “INTEGRATED APPS” tab.

On the “INTEGRATED APPS” tab you will find an “ADD” button at the bottom of the screen. Click it.



On the next screen enter the app name and choose “Single Sign On”. Here SSO means the application will only use the Single Sign-On feature of WAAD.

Click the Next button.


On the next screen you will be asked for the APP URL and the APP ID URI.

The “APP URL” should be the same as the address of the web application you want to integrate with WAAD; WAAD sends the signed token back to this address after sign-in.

The “APP ID URI” is a unique identifier that distinguishes this application from all your other applications in the WAAD tenant. It is the value WAAD puts into issued tokens as the audience, and the application is configured to accept only tokens carrying it, so note it exactly as entered. It is good practice to keep it the same as the “APP URL”.


The application we have just created is now displayed as a new entry under the “INTEGRATED APPS” tab.

When you click the newly created app, it shows the configuration window for the integrated app. In the section “enable single sign-on with Windows Azure AD”, make a note of the FEDERATION METADATA DOCUMENT URL. This document publishes the tenant's issuer name and token-signing certificate, which the application uses to verify that tokens really come from your WAAD tenant.


We will need this URL to integrate WAAD single sign-on with our application.

At this point we have completed all the configuration that needs to be done on the WAAD side. We are ready to integrate WAAD into our application.

For more detail please look at