In this video, Sharon demonstrates how to configure SaaS applications in the gallery, for use by users via the Access Panel using groups or specific users.
- [Instructor] Now that we've created our users and groups, let's go ahead and configure our cloud-based applications for use within the My Portal for our users. As you can see, I've already logged in to Azure. I'm going to go ahead and click on Azure Active Directory. To go ahead and configure these clouds apps, we're going to click on Enterprise Applications. You can see I already have six apps already included in this list, and if I click on one, let's click on Twitter, we can see that we have one user associated with Twitter.
This happens to be my account. We can see that we have five sign-ins from Microsoft App Access and one Azure portal sign-in. Let's go ahead and add a new application. I'm going to click on Add. We have a couple of options to choose from here. First of all, you'll notice that there are almost 2800 pre-configured applications already available to you. You can go ahead and look for one through here. We'll do that in a moment, but before we go ahead and search for one, I'm going to point out your other options.
Your first option is an application that you're developing. In this case, you have to go ahead and register the application to integrate it with Azure Active Directory. Next, we have an on-premise application. This would be an application that sits on premise, and we actually have to go ahead and configure the application proxy in order to access that application. Finally, we have a non-gallery application. We have the option to integrate any other application that we have, that you may not find in the gallery. For this demonstration, we're going to go ahead and use one from the gallery.
I'm going to go ahead and find SurveyMonkey. Because SurveyMonkey happens to be one word and my search was two words, I had to modify my search in order to find SurveyMonkey. I'm going to click on SurveyMonkey. This provides Name, the URL is already available to us, and the Logo. I'm going to ahead and click Add. It will take a moment for SurveyMonkey to be made available to us.
In the meantime, I'm going to go ahead and close these blades. SurveyMonkey was successfully added, but I'm going to have to reopen this blade in order to see it, or you can click on All Applications. This will show you a list of all the cloud applications that you have added. I'm going to go ahead and configure SurveyMonkey. We see our Overview, we don't have anything set up for it. I'm going to go ahead and start on Quick Start, and actually walk through the steps, but each of these steps are available individually below.
I'm going to go ahead and assign a user for testing. This is required. I'm going to go ahead and click Add. You can select your users and/or groups. This is why you see using groups is beneficial. I'm going to go ahead and select Human Resources, so everybody in the Human Resources group has access to SurveyMonkey. Click Select, and now I need to assign credentials. In this case, I am providing the credentials for SurveyMonkey. The users do not know what those credentials are.
I'm going to click Yes. I'm going to enter the username and password for SurveyMonkey. Click OK once you've entered your credentials. Click Assign, and we can see that the Human Resources group now has access to SurveyMonkey. Next is Configure single sign-on. This is required. In this case, I'm going to use password-based single sign-on, so I've already configured that, but I could have linked sign-on.
In this case, if I clicked on that, all that will happen is users will be directed to the URL to sign in themselves. I don't have to make any changes here, because I've already provided the username and password. I'm going to go ahead and close that blade. Our next option is Configure self-service. This is optional, if you would like your users to be able to request access to an application, this is where you'd go ahead and turn that on and configure it. You also have the ability here to require approval before granting access to the application.
You can select a user to be able to grant access to that SAS application. Finally, do you want the approver to be able to set user's passwords for this application? We're not going to configure anything here so I'm going to go ahead and close this. Then finally, we're going to go ahead and deploy single sign-on to users and groups. You'll notice that Human Resources is already available to us, because we already added them in under Testing. This brings up a good point. You may want to have a set of test users in order to ensure you've configured the SAS applications correctly, and that the users who should have access, do have access.
Those users who shouldn't have access, don't have access. I'm going to quickly add in my account. Next time I log in, I'll have SurveyMonkey. Again, I will want to go ahead and assign credentials on behalf of the user. I'm going to go ahead and click OK, assign, and there we go. I'm going to close these. I'm going to log out and we're going to log in and show you what this looks like from the user point of view now.
Just a quick heads up. It will take a few minutes for those applications to be available to the users. I've gone ahead and navigated to myapps.microsoft.com. I'm going to go ahead and log in. You'll now see that SurveyMonkey is available. I can go ahead and click it, and it'll launch the website for me. Perfect. In this case, I do have an error. The reason I have the error is because I entered the password incorrectly.
Again, this comes back to the testing phase that you'll want to go through and make sure you've entered all the usernames correctly, all the passwords correctly. I'm going to exit out of this. Now let's go ahead and see what this looks like for Sherlock. As you recall, Sherlock only belongs to the Human Resources group. I'm going to go ahead and log out. I'm going to use another account. Keep in mind that Sherlock was a brand-new account so he has a temporary password.
I've entered that. Because this was the first time that Sherlock is logging in, he needs a new password. I'm going to go ahead and update. Do I want Google to remember this? My choice, I'm going to go with never. As you recall, when we created Sherlock, we added him to the line of business app and SurveyMonkey. From here, he can go ahead and click on SurveyMonkey.
If I type the password correctly in this instance, they'll be logged in. As you can see, I did type the password correctly in this case. Anybody else who's added to the Human Resources group will have access to SurveyMonkey. Again, I want to point out, in this case, Sherlock has the option to click Save. This username, password will be saved. I'm going to click never. That's all there is to it. To recap, I find it easier to create my users and groups first, then assign my SAS applications to the users and groups.
Always test first before deploying it to users, to ensure that you do have the right usernames and passwords. You're trying to make the users' lives easier, not frustrate them by providing incorrect passwords.
- Azure AD
- Adding company branding
- Adding a custom domain
- AD Connect configuration
- AD Connect Health
- Administering users and groups
- Configuring SaaS applications
- Granting conditional access
- Revoking access
- Application proxy and discovery
- Integrating web and desktop applications
- Creating an Azure AD B2C directory
- Registering an application
- Creating a Microsoft identity