Directory integration overview
Updated: February 28, 2013
If your organization uses an on-premises directory service, you can integrate it with your organizations Windows Azure AD tenant to automate cloud-based administrative tasks and to provide your users with a more streamlined sign-in experience. Windows Azure AD supports the following two directory integration capabilities:
Directory synchronization - Used to synchronize on-premises directory objects (users, groups, contacts) to the cloud to help reduce administrative overhead. Directory synchronization is also referred to as directory sync.
Once directory synchronization has been set up, administrators can provision directory objects from your on-premises Active Directory into your tenant. For more information about how directory data stored in your tenant can be managed, see Administering your Windows Azure AD tenant.
For general information about directory sync, see Configure directory synchronization.
Single sign-on (SSO) - Used to provide users with a more seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy a security token service on premises. For more information about security token services that work with Windows Azure AD, see Single sign-on roadmap.
Once single sign-on has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.
For general information about single sign-on, see Configure single sign-on.
For more information about ways you can use directory integration in your organization, see Directory integration scenarios.
ConceptsWhat is a Windows Azure AD tenant?