Lots of new ideas about single sign-on technologies are under discussion, OpenID being the most interesting of all. However, most corporate environments have yet to embrace it.
If we distill the problem of provisioning to just authentication (and relieving the pain of de-provisioning when an employee leaves), an interesting approach might be to leverage Outlook Web Access as a way to authenticate corporate customers.
OWA is typically bundled with an Exchange Server purchase, and if it is enabled and exposed on the internet, it makes for an easy way to get around the whole thorny issue. Now we can just use the OWA protocol in our code to get the authentication going! This allows for a very lightweight AD (Active Directory) SSO.
The value that comes with it:
- The user only knows his AD password
- If the user leaves his company, he automatically loses access to his SaaS software