Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Massimiliano Gori
on 20 April 2023

Azure AD authentication comes to Ubuntu Desktop 23.04


Ubuntu Desktop 23.04 is the first and only Linux distribution to enable native user authentication with Azure Active Directory (Azure AD). The adoption of cloud-based identity providers in the enterprise is skyrocketing and this has been one of the most requested features. With Ubuntu Desktop 23.04 we decided to act on the feedback and offer a way to natively let enterprise users authenticate Ubuntu Desktops with the same credentials they use for Microsoft 365 or their Windows clients.

This is made possible thanks to the aad-auth package, currently in public preview. This feature is available to try in Ubuntu 23.04 and will be later ported to LTS versions of Ubuntu.

Why Ubuntu Desktop authentication is moving to the cloud

Remote working and the operational challenges involved in adequately securing on-premise Active Directory tenants are only a few of the factors that are driving the meteoric rise in adoption of cloud identity providers. The most popular among these is Azure AD, particularly because it is the backbone component of Microsoft 365, Azure and Outlook.

Despite having a similar name, Active Directory Domain Services (the traditional, on premise AD) and Azure Active Directory make use of fundamentally different technologies and protocols. While the latter relies on older technologies like Kerberos, Azure AD makes use of the more internet friendly OpenID Connect protocol. This allows user authentication to be performed securely over the internet, without the need for complex VPN setups. 

Linux workstations are one  of the latest systems that require organisations to run on premise tenants, or implement complex and costly configurations involving third party access gateways or AD connect services. By bringing native Azure AD authentication to Ubuntu desktops and servers we aim to remove this need, allowing IT administrators to complete their Identity Provider SaaS transition, unifying Windows and Linux workstation access on the cloud and reducing their identity attack surface area.

Integrate Ubuntu Desktop with Azure AD

We have released the following video to show how easy it is to configure Azure AD authentication with your desktop:

Azure AD authentication for Ubuntu video tutorial

Since Azure AD uses a different protocol stack than AD Domain Services we decided to build a new client rather than integrating the new features in SSO. When installed, aad-auth creates the following components:

  1. A PAM module for authentication.
  2. An NSS module to query the password, group and shadow databases.
  3. A command line tool to manage the local cache for offline authentication and the system’s configuration.

Giving users access to their desktops is made possible by creating an enterprise application in Azure AD and adding its details in the package configuration files. Access controls can then be performed in Azure AD by adding or removing users or groups to the application. 

It is also important to note that the desktop needs to be connected to the internet and able to reach the configured Azure AD tenant for the authentication to occur. However, should that not be possible,  credentials can be cached for a preconfigured period of time (the default is 90 days, mirroring Windows behaviour).

Get the new feature

The new feature is available today in public preview and freely available for all Ubuntu Desktop 23.04 users. We encourage everyone to try out the new features and provide feedback or suggestions through Github.

In the coming months we are planning to improve the package based on your feedback and port it to the latest LTS version of Ubuntu Desktop, making it available for free. 

If you want to learn more about Ubuntu Desktop, Ubuntu Pro or our other advanced Active Directory integration features please do not hesitate to contact us to discuss your needs with one of our advisors.

Find out more

Related posts


Massimiliano Gori
16 September 2024

Announcing Authd: OIDC authentication for Ubuntu Desktop and Server

Ubuntu Article

Today we are announcing the general availability of Authd, a new authentication daemon for Ubuntu that allows direct integration with cloud-based identity providers for both Ubuntu Desktop and Server. Authd is available free of charge on Ubuntu 24.04 LTS. At launch, Authd supports Microsoft Entra ID (formerly Azure Active Directory) ident ...


Luci Stanescu
28 October 2024

Imagining the future of Cybersecurity

Ubuntu Security

October 2024 marks the 20th anniversary of Ubuntu. The cybersecurity landscape has significantly shifted since 2004. If you have been following the Ubuntu Security Team’s special three-part series podcast that we put out to mark Cybersecurity Awareness Month, you will have listened to us talk about significant moments that have shaped the ...


Canonical
10 October 2024

Canonical Releases Ubuntu 24.10 Oracular Oriole

Cloud and server Article

The latest release of Ubuntu delivers a cutting edge kernel and enhanced desktop security. 10 October 2024 Today Canonical announced the release of Ubuntu 24.10, codenamed “Oracular Oriole,” available to download and install from ubuntu.com/download. Ubuntu 24.10 delivers the latest kernel, toolchains and GNOME 47 desktop environment alon ...