Organizations that use Microsoft Azure Active Directory for managing corporate identities can leverage this infrastructure for authenticating into SAC. Both end-user and administrator identities can be used to provide Role Based Access Control to various corporate resources and services.

When authenticating via Azure Active Directory, SAC leverages the Federated Identity Provider capabilities, redirecting the user to authenticate with Azure AD, while keeping the user's identity for SSO to applications that support Azure AD Authentication.

Schematically, the work with Azure AD looks like the below:

Azure_Active_Directory_Authentication.PNG

A similar configuration may be used to perform authentication via the on-premises Microsoft Active Directory Federation Services (ADFS) infrastructure going through Azure AD. In order to do that, Azure AD Connect component should be used to synchronize the on-premises directory to the cloud.

When working with Azure AD Connect, the configuration looks schematically like the below:

 Azure_Active_Directory_Authentication_with_Azure_AD_Connect.PNG

Attached document describes the configuration steps that need to be taken in order to configure Azure Active Directory as an Identity Provider used for authentication by SAC. In order to configure authentication with Active Directory Federation Services, first integrate ADFS through Azure Active Directory, then configure Azure Active Directory as an Identity Provider for SAC.