Windows Azure Active Directory

Windows Azure Active Directory is a cloud service that provides identity and access capabilities for applications on Windows Azure and Microsoft Office 365. Windows Azure Active Directory is the multi-tenant cloud service on which Microsoft Office 365 relies on for its identity infrastructure. 

Windows Azure Active Directory utilizes the enterprise-grade quality and proven capabilities of Active Directory, so you can bring your applications to the cloud easily.  You can enable single sign-on, security enhanced applications, and simple interoperability with existing Active Directory deployments using Access Control Service (ACS), a feature of Windows Azure Active Directory. 

Some common benefits of the Access Control service include:

Security enhanced single sign-on

ACS gives end users a seamless, single sign-on experience across your cloud applications, while simplifying your development of cloud applications, so you don’t have to become an identity and security expert, implementing authentication and authorization on your own.

Flexibility to use your tools and social identities

With the ACS in Windows Azure Active Directory, you can use a single portal to manage all your users and groups across your cloud applications. ACS is compatible with virtually any modern web platform, including .NET, PHP, Python, Java, and Ruby, and has out-of-the-box support for popular web identity providers including Windows Live ID, Google, Yahoo!, and Facebook.     

Simple interoperability with your existing on-premises Active Directory

You can quickly extend your existing on-premises Active Directory authentication to your cloud applications through ACS. By using your existing user directory as the authoritative identity provider, users are authenticated to your cloud applications with their existing accounts.   

Capabilities and Benefits of Access Control Service

Open and built on industry standards

• Supports OAuth 2.0, WS-Trust, and WS-Federation protocols and the SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats.

• Integrated and customizable Home Realm Discovery so users can choose their identity provider with support for Windows Live ID, OpenID 2.0, Google, Yahoo, Facebook, and enterprise providers such as Windows Active Directory.

Claims based access control and open programming model

• Interoperable with Windows Identity Foundation to provide a single, familiar programming model so you can quickly add identity and access control to your applications and move your apps between on-premises and the cloud.   
• Provides claims-based access control and an interoperable way for applications to acquire the necessary user identity information.
   
• For more information refer to Windows Azure Active Directory Solutions for Developers

Administration Portal

• Browser-based portal to integrate ACS with your applications and set up authentication and authorization rules used to govern cloud applications access.
• The management portal allows administrative access to the ACS configuration with an Open Data Protocol (OData)-based management service that provides access to the ACS configuration.

Pricing and Metering for Access Control service

Access Control is included in the subscription offers, as well as the Pay-As-You-Go offers. The Pay-As-You-Go Access Control price is $1.99 per 100,000 transactions. However, we are running a promotion and will provide free use of the service through December 1^st, 2012.  Plus, if you purchase subscription offers or the Introductory Special Pay-As-You-Go Plan, you will not be charged for any overage beyond the allotted amount that is part of your offer. Access Control pricing includes token requests and management operations, plus associated data transfer.

Visit MSDN to get in-depth information on Access Control pricing.