Access Control Namespace

Updated: June 19, 2015

Applies To: Azure

Important

As of May 19, 2014, new ACS namespaces cannot use Google as an identity provider. ACS namespaces that used Google and were registered before this date are unaffected. For more information, see Release Notes.

An Access Control namespace is a top-level partition of Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS) that forms a boundary around the following ACS endpoints:

  • Security Token Service (STS)—The set of endpoints that issue security tokens to your relying party applications.

  • Management Service—A service that allows an Access Control namespace to be managed programmatically using the Open Data (OData) protocol.

  • Management Portal—A web-based user interface for managing the configuration of an Access Control namespace.

  • Service Metadata—Endpoints for publishing namespace configuration information, which includes WS-Federation Metadata, WS-Metadata Exchange, and the Home Realm Discovery feed.

The boundary formed by an Access Control namespace is expressed in the form of URI subdomains. For example, if your Access Control namespace is called “contoso,” your Access Control namespace resources are available at URIs where the first subdomain is “contoso” (as shown in the following table).

| Resource | URI |
|---|---|
| Management Service | https://contoso.accesscontrol.windows.net/v2/mgmt/service |
| Management Portal | https://contoso.accesscontrol.windows.net |
| OAuth WRAP | https://contoso.accesscontrol.windows.net/WRAPv0.9/ |
| OAuth 2.0 | https://contoso.accesscontrol.windows.net/v2/OAuth2-13 |
| Facebook | https://contoso.accesscontrol.windows.net/v2/facebook/ |
| OpenID | https://contoso.accesscontrol.windows.net/v2/openid/ |
| WS-Federation | https://contoso.accesscontrol.windows.net/v2/wsfederation/ |
| WS-Federation Metadata | https://contoso.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml |
| WS-Metadata Exchange | https://contoso.accesscontrol.windows.net/v2/wstrust/mex |
| Home Realm Discovery Feed | https://contoso.accesscontrol.windows.net/v2/metadata/IdentityProviders.js |

When a web application or service integrates with ACS, it trusts one or more Access Control namespaces. In the simplest scenario, an application trusts tokens that are issued from a single Access Control namespace. However, an application or service can trust many Access Control namespaces. Likewise, a set of closely related applications or services can trust a single Access Control namespace or many Access Control namespaces.
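The following is an added example, not Microsoft's code: a Python check that a configured endpoint URI lies inside one of the Access Control namespaces an application trusts, using the subdomain boundary and resource paths listed above. The function names, the trusted-namespace set passed in, and the restriction to port 443 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ACS_SUFFIX = ".accesscontrol.windows.net"

# Path of each namespace resource, copied from the table on this page.
RESOURCE_PATHS = [
    ("/v2/mgmt/service", "Management Service"),
    ("/WRAPv0.9/", "OAuth WRAP"),
    ("/v2/OAuth2-13", "OAuth 2.0"),
    ("/v2/facebook/", "Facebook"),
    ("/v2/openid/", "OpenID"),
    ("/v2/wsfederation/", "WS-Federation"),
    ("/FederationMetadata/2007-06/FederationMetadata.xml", "WS-Federation Metadata"),
    ("/v2/wstrust/mex", "WS-Metadata Exchange"),
    ("/v2/metadata/IdentityProviders.js", "Home Realm Discovery Feed"),
]


def resource_for_path(path):
    """Map a URI path to the resource name in the table, or None."""
    if path in ("", "/"):
        return "Management Portal"
    for prefix, name in RESOURCE_PATHS:
        base = prefix.rstrip("/")
        # Match on a path-segment boundary so "/v2/openid-x" is not "OpenID".
        if path == base or path.startswith(base + "/"):
            return name
    return None


def classify_acs_uri(uri, trusted_namespaces):
    """Return (namespace, resource) when uri lies inside a trusted namespace, else None."""
    try:
        parts = urlsplit(uri)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo can hide the real host after an "@"
    host = (parts.hostname or "").lower()
    if not host.endswith(ACS_SUFFIX):
        return None  # suffix check on the parsed host, never a substring check on the URI
    namespace = host[: -len(ACS_SUFFIX)]
    # The namespace is the first subdomain only: exactly one label, and on the allowlist.
    if not namespace or "." in namespace or namespace not in trusted_namespaces:
        return None
    return namespace, resource_for_path(parts.path)
```

A result of `(namespace, None)` means the host is inside a trusted namespace but the path is not one of the resources in the table.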

See Also

Concepts

ACS 2.0 Components