First published on CloudBlogs on Jun, 22 2013 by the Microsoft Azure Active Directory Team
In April 2013, we made Windows Azure Active Directory generally available to businesses and cloud application developers for use in production environments. Since then the ACS team has been asked: “What is the future of ACS?”
It is our plan to move the capabilities of ACS v2 into Windows Azure Active Directory over time. The end result will be a fully featured solution to meet your cloud identity needs.
Access Control Service (ACS) makes it easier for cloud application developers to integrate their applications with popular social identity providers and with on-premises ADFS without requiring them to write custom code per identity provider. The rules engine of ACS v2 enables applications to transform claims in the incoming tokens to consistent claims understood by the application. ACS v2, however, does not provide traditional directory constructs like users and groups, which limits its value to businesses that want to leverage a cloud identity system. Also, the model of federating on-premises ADFS with individual ACS v2 namespaces of various cloud applications may require businesses to maintain more than one federation relationship.
Windows Azure Active Directory is an identity service offering with rich identity, federation and directory capabilities. Organizations use Windows Azure AD to manage their identities and access control for their software-as-a-service applications. Large organizations are able to extend their existing on-premises AD authentication and authorization to applications running in the cloud. Office365 and other Microsoft online services use Windows Azure AD. Customers can also use Windows Azure Active Directory to connect to and manage other third-party online services. In addition to ADFS, Windows Azure Active Directory supports federation with SAML-based on-premises identity providers like Shibboleth. While they run as separate services today, over time we will add the capabilities of ACS to Windows Azure Active Directory. Because the two services share several features in common, if you are embarking on new development we would encourage you to look at Windows Azure AD as your first alternative, followed by ACS v2.