Azure Stack authorization leverages the Azure authorization management service. For general availability, there are three different authentication designs. There's a good chance there's an authentication design available that works for most companies.

The Azure authorization management service works based on Azure Active Directory (Azure AD), which is a multi-tenant, cloud-based identity-management service.

This means that each Azure Stack environment needs to have proper internet connectivity; otherwise, no authentication is possible. This makes life quite easy, but service providers or hosters (and even some medium and larger companies) especially do not allow communications from their internal infrastructure-management environment to the internet (public Azure) for authentication. This security requirement makes the creation of a Proof of Concept (POC) not as easy as before.

Starting with TP3 there is support for Active Directory Federation Services. This service provides single sign-on (SSO) and secure remote access for web applications hosted on premises. In addition, it ensures that authentication is possible even if the connection to Azure AD is not available for a certain amount of time.