KuppingerCole Report
By Martin Kuppinger

Single Sign-On and Managed Access to all Applications from the Cloud

With more and more organizations following a “cloud first” strategy, IT infrastructure and security services must also shift to the cloud, where more and more of the critical workloads reside. However, the IT of most organizations will remain hybrid for a long time. There is thus a need for comprehensive authentication and single sign-on services that support all applications, such as SaaS apps, on premises applications, and custom-built applications, and deliver a seamless user experience for accessing them. Microsoft Azure Active Directory (Azure AD) provides a strong foundation for delivering such services, with deep integration to cloud apps while supporting legacy applications and services.

Commissioned by Microsoft

1 Introduction

Many if not most organizations today are following a “cloud first” strategy, lifting and shifting existing applications to the cloud and preferring as-a-service models for new application procurement and deployment. While cloud services are easy to deploy and commonly come with a modern user experience, this shift also introduces new challenges for users and for IT and security management.

One of these challenges is that, while shifting to the cloud, the reality of most businesses will remain hybrid for many years, if not forever. Even if data centers are closed and workloads are moved to managed service providers running what then is called a “private cloud”, it is still about running legacy IT in a closed-down, private environment, alongside all the new SaaS services deployed from the public, multi-tenant cloud.

From both the user experience and the IT perspective, this effectively means that the challenges double. Users must access applications both on premises and in the cloud, and IT must manage and protect applications in both worlds. Together with the shift to new work experiences such as “work from home”, there is a need to provide a consistent user experience and management of hybrid IT environments. Solutions must reflect the hybrid reality of businesses and their IT.

Among these challenges, providing seamless access to and integration with the wide range of solutions running on premises is by far the biggest. However, integration with major SaaS services must also be solved, including the specifics of some of the major environments such as Salesforce, SAP S/4HANA, AWS, Workday or ServiceNow. Providing single sign-on to modern SaaS services is the simple part of the journey to the cloud – the challenge is supporting all services, i.e. the full range of services within the hybrid IT reality of today’s businesses.

Microsoft Azure Active Directory is an obvious choice for many organizations when selecting their solution for authentication and single sign-on to services, and as a central element of their future Identity Fabric, a logical architecture for delivering a consistent set of Identity Services across all types of applications and users. Most businesses have an Active Directory in place in their on premises infrastructure, and a very significant number of organizations have opted for Microsoft Office 365, which relies on Microsoft Azure Active Directory (Azure AD).

In sum, Microsoft offers a comprehensive, leading-edge approach, based on Microsoft Azure AD, for giving users access to all types of applications, such as SaaS apps, on premises apps, and custom-built applications. For organizations, this provides a strong offering for migrating away from on premises Active Directory to Azure AD as the future cornerstone of user authentication and access services, and of their future Identity Fabric.

With the shift of IT to the cloud as a consequence of “cloud first” strategies, it is time for businesses to reconsider their approach to IAM in general, and to shift to a modern, central cloud service. With the shift of businesses to the cloud, IT infrastructure and security services must also shift to the cloud, while continuing to support the hybrid IT reality of businesses.

2 Highlights

  • The impact of “cloud first” strategies and a shift to SaaS on IT infrastructure services, specifically IAM and security
  • The user challenge: Consis ...

3 The Need for Unified Application Access and Single Sign-On

The IT of most organizations will remain hybrid. However, with adding SaaS services, there is an emerging need for unified application access and sing ...

4 The Hybrid Reality of Businesses: Supporting Legacy from the Cloud

Single sign-on to SaaS services is not sufficient – there are more challenges to solve, such as the integration with legacy IT applications, and fed ...

5 Beyond Single Sign-On: Provisioning, Identity Management, Security

Adaptive Authentication, federated provisioning, and additional security services are required for comprehensive solutions. The Identity Fabric paradi ...

All this requires a strategic approach for modernizing IAM, well beyond just providing a solution for single sign-on. KuppingerCole has described this ...

6 Microsoft Azure Active Directory: Managing & Securing Access to all Apps

Microsoft Azure Active Directory delivers a range of integration options to virtually all types of applications, both SaaS services, legacy and on pre ...

Azure AD also provides direct, standards-based integration to a wide range of SaaS services, as well as forms- and password-based authentication to th ...

7 Action Plan for Shifting to a General Cloud Service for Hybrid App Access

Providing seamless access for users to all services they need is part of a bigger strategy, based on a “cloud first” strategy, following the parad ...


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and in making better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.