Building Hybrid Clouds with Azure Stack

Azure Active Directory for Azure Stack

If your Azure Stack environment can connect to the internet directly, Azure AD is the preferred authentication mechanism. In this configuration, Azure Stack interoperates directly with Azure AD for user authentication: Azure AD issues the appropriate authentication token, which is passed to Azure Stack over the internet. Based on the user ID in that token, Azure Stack decides all permissions according to the defined RBAC model and provides access to the corresponding services.

Azure AD is a cloud-based authentication service with a 99.9% SLA. It provides a token-based authentication model and can be extended with multi-factor authentication services. Depending on the network security of the infrastructure where Azure Stack has been placed, this authentication provider may or may not be available.

If you choose Azure AD as the authentication solution, you can connect different Azure AD services to your Azure Stack. There is no need for 1:1 connectivity: Azure AD as the authentication solution gives you 1:N connectivity, so you can support as many Azure ADs as you need.
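The flow described above (Azure AD issues a token, Azure Stack maps the identity in it to RBAC permissions, and several Azure ADs can be connected 1:N) as a simplified Python model. This is an added example, not code from the book or from Azure Stack: the tenant GUIDs, object ID, audience URL, role assignments and function names are constructed, and signature verification against the issuing tenant's signing keys is assumed to have succeeded before these checks run.

```python
import time

# Constructed tenant GUIDs standing in for the Azure ADs connected 1:N.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
ONBOARDED_TENANTS = {TENANT_A, TENANT_B}
EXPECTED_AUDIENCE = "https://management.example.invalid/"  # placeholder audience

# Simplified action sets for three built-in RBAC roles.
ROLE_ACTIONS = {
    "Owner": {"read", "write", "delete", "assign"},
    "Contributor": {"read", "write", "delete"},
    "Reader": {"read"},
}

# Constructed role assignments: (tenant id, object id) -> [(scope, role)].
ASSIGNMENTS = {
    (TENANT_A, "user-a"): [
        ("/subscriptions/sub1", "Reader"),
        ("/subscriptions/sub1/resourceGroups/rg-web", "Contributor"),
    ],
}

def check_claims(claims, now=None):
    """Return None if the (already signature-verified) claims are acceptable,
    otherwise a short reason string."""
    now = time.time() if now is None else now
    tid = claims.get("tid")
    if tid not in ONBOARDED_TENANTS:
        return "unknown tenant"
    # The issuer must belong to the same tenant the token claims to come from.
    if claims.get("iss") != f"https://sts.windows.net/{tid}/":
        return "issuer does not match tenant"
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return "wrong audience"
    if claims.get("exp", 0) <= now:
        return "token expired"
    return None

def is_allowed(claims, action, resource, now=None):
    """RBAC decision: an assignment applies to its scope and everything below it."""
    if check_claims(claims, now) is not None:
        return False
    res = resource.lower()  # resource IDs compare case-insensitively
    for scope, role in ASSIGNMENTS.get((claims["tid"], claims.get("oid")), []):
        s = scope.lower()
        # Match on a path boundary so "/subscriptions/sub1" does not cover "sub10".
        if (res == s or res.startswith(s + "/")) and action in ROLE_ACTIONS[role]:
            return True
    return False
```

Keying assignments on the tenant and object ID together keeps identities from different connected directories separate even if their object IDs were to collide.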

This may be the best solution for you if you are a service provider, or if you act as one without formally being one.

If Azure Stack lives in a highly secure environment, choosing this authentication provider may not be possible. In that case, you would need a completely disconnected scenario.