Scott Guthrie announced in his blog last week a host of new additions to Windows Azure. One of the significant additions is the improvements in the Active Directory Services, in particular addition of quite a few popular SaaS based applications that can now leverage Active Directory Services. In this post today we will explore adding GitHub as a SaaS application for Single Sign-On (SSO) with AD users. In a future post we will explore the Active Directory Premium features (still awaiting confirmation from Microsoft for the preview).
Active Directory SSO with SaaS Applications
Active Directory now supports SSO with more than 600 SaaS based applications including support for integration with GitHub. So far AD integration with GitHub was limited to configuring LDAP only for GitHub enterprise, or using third party solutions like OneLogin. This however becomes very easy with Windows Azure Active Directory Services supporting GitHub as one of the SaaS applications. To configure, login to your Windows Azure account and navigate to the Active Directory menu. Click on the Directory where you want to create the GitHub SaaS application. Under the Applications tab inside the directory, click on the Add Application link. You will be displayed a dialog with all supported SaaS applications. Select GitHub from the Developer Services list.
Once you have added the application, you will be presented the options to configure SSO with GitHub.
There are two things you need to do. First, you need to configure the SSO service. In this, either you can choose the option to use an existing SSO, or specify that you will provide the credentials for GitHub accounts.
Next you need to assign users access on GitHub. When you click the Assign users button, you will be redirected to the Application users page, where you can add / edit users and assign them to the application.
On this page, you will see the AD users. Click Assign to provide permissions to the selected user to access GitHub. The Assign button will prompt you to enter the relevant GitHub credentials if you had chosen to enter credentials in the first step.
That’s it! Your AD users are now setup to access GitHub. Navigate to the
http://myapps.microsoft.com/site, and login with your Azure credentials. You will see the list of applications that has been integrated with Windows Azure Active Directory Services, and you have access to.
Clicking on GitHub under the applications tab will take you to GitHub and will have automatically logged you in with the mapped credentials.
Note: You must have installed the Access Panel Extension browser add-on to be able to navigate to the SaaS applications. You will be prompted if you don’t have it already installed.