We are a classic ISV building a SaaS solution on Windows Azure. Up to now, we have been using a traditional design with a custom-made token service for authentication and a SQL Azure backend for user management and control. Our client is a rich client, connecting through a REST service.
As our service grows, we are looking with great interest at Windows Azure Active Directory to replace our custom design and support enterprise deployment – however, we seek guidance or insights on how Windows Azure Active Directory would work in a multi-tenant, multi-identity environment.
In general, we cluster our customers into three categories:
- Enterprise customers. They have an on-premises Active Directory, often Office365 with DirSync, and manage all users through local IT. They may have skills or knowledge around Windows Azure, federation and Azure AD.
- Midmarket customers. Often with on-premises Active Directory, though not always. Sometimes (though very few) with Office365 with DirSync, managing users on-premises or through the Microsoft Online Services Portal. They have no knowledge of Windows Azure or federated identity.
- Low-end customers. Always without any identity infrastructure such as Active Directory. Some have Office365, managed through the MOP portal. Today, these customers manage their users through our management portal.
In replacing our custom solution, we are looking for a common design that is as simple as possible. We doubt that enterprise customers wish to allow us access to their Azure AD (or on-premises AD, for that matter). Secondly, as we build a volume ISV solution, we cannot have a manual setup per customer to set up Azure AD – something like the Office365 design, where partners can set up the synchronization.
Our question is: can anyone share experience with a solution like the above, and secondly, will Microsoft provide libraries to manage tenant setup etc., so we can streamline provisioning?