Published: April 7, 2011
Updated: June 20, 2014
Applies To: Azure
Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services while allowing the features of authentication and authorization to be factored out of your code. Instead of implementing an authentication system with user accounts that are specific to your application, you can let ACS orchestrate the authentication and much of the authorization of your users. ACS integrates with standards-based identity providers, including enterprise directories such as Active Directory, and web identities such as Windows Live ID (Microsoft account), Google, Yahoo!, and Facebook.
Note: As of May 19, 2014, new ACS namespaces cannot use Google as an identity provider. ACS namespaces that used Google and were registered before this date are unaffected. For more information, see Release Notes.
ACS enables authorization decisions to be pulled out of the application and into a set of declarative rules that can transform incoming security claims into claims that applications and services understand. These rules are defined by using a simple and familiar programming model, resulting in cleaner code.
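The declarative claim-transformation idea above can be illustrated with a small rule engine. This is an added example written for this page; it is not ACS's rule engine, rule syntax, or management API, and the issuer names, claim types, and the Alice sample claims are constructed. The point it shows is the one that matters for a relying application: rules are keyed on the issuing provider, and an incoming claim with no matching rule is dropped rather than forwarded, so the application only sees claims a rule explicitly allowed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Simplified model of declarative claim-transformation rules (an added
# illustration, not ACS's own rule engine or its management API).


@dataclass(frozen=True)
class Claim:
    issuer: str  # the identity provider that asserted this claim
    type: str    # claim type, e.g. "emailaddress" or "name"
    value: str


@dataclass(frozen=True)
class Rule:
    """If an input claim from input_issuer matches, emit one output claim.

    A None field means "any" on the input side and "pass through" on the
    output side, so one class covers both mapping and pass-through rules.
    """
    input_issuer: str
    input_type: Optional[str] = None
    input_value: Optional[str] = None
    output_type: Optional[str] = None
    output_value: Optional[str] = None

    def matches(self, claim: Claim) -> bool:
        return (claim.issuer == self.input_issuer
                and self.input_type in (None, claim.type)
                and self.input_value in (None, claim.value))

    def apply(self, claim: Claim) -> Claim:
        # Output claims are re-issued by the token issuer ("ACS" here), so the
        # application trusts one issuer instead of each upstream provider.
        return Claim("ACS", self.output_type or claim.type,
                     self.output_value or claim.value)


def transform(claims: List[Claim], rules: List[Rule]) -> List[Claim]:
    """Apply every matching rule to every input claim.

    Default deny: an input claim with no matching rule produces nothing,
    so the application only ever sees claims a rule explicitly allowed.
    """
    output: List[Claim] = []
    for claim in claims:
        for rule in rules:
            if rule.matches(claim):
                out = rule.apply(claim)
                if out not in output:
                    output.append(out)
    return output


# Constructed sample rule set: Alice's Google e-mail is mapped to an
# application role; display names pass through; everything else is dropped.
RULES = [
    Rule("Google", "emailaddress", "alice@example.com", "role", "Admin"),
    Rule("Google", "name"),
    Rule("Facebook", "name"),
]


def demo() -> List[Claim]:
    """Run the constructed sample claims through RULES."""
    incoming = [
        Claim("Google", "emailaddress", "alice@example.com"),
        Claim("Google", "name", "Alice"),
        # The same e-mail asserted by a different provider has no rule, so it
        # cannot be used to obtain the Admin role.
        Claim("Facebook", "emailaddress", "alice@example.com"),
        Claim("Facebook", "name", "Alice Example"),
    ]
    return transform(incoming, RULES)


if __name__ == "__main__":
    for c in demo():
        print(f"{c.issuer}: {c.type} = {c.value}")
```

Because the rule for the Admin role names both the issuer and the exact e-mail value, a provider that does not verify e-mail ownership cannot be used to obtain that role: its claim simply matches no rule.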
ACS can also be used to manage client permissions, thus saving the effort and complexity of developing these capabilities.
ACS is compatible with most popular programming and runtime environments, and supports many protocols including Open Authorization (OAuth), OpenID, WS-Federation, and WS-Trust.
The following features are available in ACS:
Integration with Windows Identity Foundation (WIF)
Out-of-the-box support for popular web identity providers including Windows Live ID (Microsoft account), Google, Yahoo, and Facebook
Out-of-the-box support for Active Directory Federation Services (AD FS) 2.0
Support for OAuth 2.0 (draft 13), WS-Trust, and WS-Federation protocols
Support for the JSON Web Token (JWT), SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats
Integrated and customizable Home Realm Discovery that allows users to choose their identity provider
An Open Data Protocol (OData)-based management service that provides programmatic access to the ACS configuration
A browser-based management portal that allows administrative access to the ACS configuration
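Of the token formats listed above, the Simple Web Token (SWT) is the easiest to show end to end: form-encoded name/value pairs followed by an HMACSHA256 field computed over the preceding string, base64- and URL-encoded. The code below is an added example, not Microsoft's sample code or an ACS library; the signing key, issuer and audience values, and the Alice claims are constructed placeholders. It issues a token and then validates it the way a relying party must: signature first (constant-time compare), then issuer, audience and expiry, before any claim is trusted.

```python
import base64
import hashlib
import hmac
import time
from typing import Dict, Optional
from urllib.parse import parse_qsl, quote_plus, unquote_plus, urlencode

SIG = "HMACSHA256"  # name of the signature field in an SWT


def sign_swt(claims: Dict[str, str], key: bytes) -> str:
    """Issue an SWT: form-encoded pairs followed by an HMAC over them."""
    if SIG in claims:
        raise ValueError("claims must not contain the signature field")
    unsigned = urlencode(claims)
    mac = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    encoded_mac = quote_plus(base64.b64encode(mac).decode("ascii"))
    return f"{unsigned}&{SIG}={encoded_mac}"


def validate_swt(token: str, key: bytes, issuer: str, audience: str,
                 now: Optional[int] = None) -> Dict[str, str]:
    """Verify signature, issuer, audience and expiry; return the claims."""
    now = int(time.time()) if now is None else now
    sep = f"&{SIG}="
    idx = token.rfind(sep)
    if idx < 0:
        raise ValueError("token is not signed")
    unsigned, sig_part = token[:idx], token[idx + len(sep):]
    try:
        presented = base64.b64decode(unquote_plus(sig_part), validate=True)
    except ValueError:
        raise ValueError("malformed signature")
    expected = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    # Constant-time comparison, done before any claim is parsed or trusted.
    if not hmac.compare_digest(presented, expected):
        raise ValueError("signature mismatch")
    claims = dict(parse_qsl(unsigned, keep_blank_values=True))
    if claims.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token not intended for this audience")
    try:
        expires = int(claims["ExpiresOn"])  # epoch seconds
    except (KeyError, ValueError):
        raise ValueError("missing or malformed ExpiresOn")
    if expires <= now:
        raise ValueError("token expired")
    return claims


# Constructed placeholders; a real relying party loads the namespace's
# signing key from configuration or a secret store, never from source.
KEY = b"constructed-demo-key-32-bytes!!!"
ISSUER = "https://example-namespace.accesscontrol.example/"
AUDIENCE = "http://localhost/relyingparty"
ISSUED_AT = 1_700_000_000


def issue_demo_token() -> str:
    """Issue a token for Alice that is valid for ten minutes."""
    return sign_swt({
        "Issuer": ISSUER,
        "Audience": AUDIENCE,
        "ExpiresOn": str(ISSUED_AT + 600),
        "name": "Alice",
        "role": "Reader",
    }, KEY)


def check(token: str, now: int = ISSUED_AT,
          audience: str = AUDIENCE) -> Optional[Dict[str, str]]:
    """Return the claims if the token is acceptable, else None."""
    try:
        return validate_swt(token, KEY, ISSUER, audience, now)
    except ValueError:
        return None


if __name__ == "__main__":
    tok = issue_demo_token()
    print(tok)
    print("valid:", check(tok))
    print("tampered:", check(tok.replace("role=Reader", "role=Admin")))
    print("expired:", check(tok, now=ISSUED_AT + 601))
```

The audience check is the one most often skipped: without it, a token issued for a different relying party in the same namespace (signed with the same key) would be accepted here.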
ACS is compatible with virtually any modern web platform, including .NET, PHP, Python, Java, and Ruby. For a list of ACS requirements, see ACS Prerequisites.
For a quick guide on getting started with ACS, see ACS Fast Track.