This video covers the creation of users and groups in Azure Active Directory, including configuring and assigning users to dynamic groups.
- [Instructor] Before configuring our application access panel for our users, I'd like to go ahead and create all the users in groups first. This just saves time for you later on. As you can see, I've already logged into Azure. I'm going to go ahead and click on Azure Active Directory and you'll notice that we already have a list of users and groups that we already have within our Active Directory. Some of these users have been created within Azure Active Directory, some of them have come through from our on-premise Active Directory and have synchronized from on-prem into Azure Active Directory.
I like to start off with groups and then add my users to groups. I'm going to go ahead and add a new group. You can either click in Users and Groups, or you can click in Add a Group. I'm going to go ahead and click Add a Group. Next, enter a name for your group. I'm going to create a human resources group. I have three membership types. I can have an Assigned membership type, which means I will mainly have to assign my users to this group.
I can have a Dynamic Device or user. A Dynamic Device means members will be added to this group based on their device type. Our users will be automatically assigned to this group based on the parameters we set. I'm going to go ahead and use Dynamic User. I do not have an Office 365 account associated with this description, therefore, I'm not going to enable Office features. If you did tie into Office 365, you probably want to enable this. Where I want to focus is in Add Dynamic Query.
This is where the magic happens. I'm now going to go ahead and create the rule to automatically add users to our HR group. First thing I'm going to do is click on Add Users Where. It will drop you right down to the last option. To find some of the more popular parameters, you'll have to scroll up a little bit. As you can see, we have different options here. You may want to have a dynamic membership group based on country, so all the users from Canada would be in one group, or you might want to do it on job title.
You may want to have a group for all of the production managers. For those of you who are familiar who OUs and groups in Active Directory, this will feel very similar. I'm going to configure my membership based on department. And if department contains HR, that user will be assigned to this group. Make sure you select Add Query at the bottom and then Create. It doesn't take long for groups to be created. I'm going to go ahead and close this blade. Now I want to go ahead and add a user.
This user will be automatically assigned to that HR group. I'm going to click Add a User and we're going to add in Sherlock Holmes. I'm going to provide his user name. Next, I'm going to click in Profile and this is where the magic happens. I'm going to provide his first and last name. And department will be HR.
I'm going to click OK. I could then select other groups that this user needs access to. I think I'll put him in the line of business users grpup. Click Select. And then what is the role for this user? In our case, he's just going to be a regular user. I could make him an admin if I wanted to. We have a global admin and limited administrators. A global admin has full control over the directory, whereas a limited administrator has only certain rights within that directory.
I'm going to go ahead and select User so I'm not changing anything here. A password has already been generated for this user. I'm going to go ahead and click Create. It'll take a moment to register this user. If I pop back into Users and Groups, we can see Sherlock Holmes has been created. I'm going to go ahead and click on Sherlock. We can see that he has one group membership and this would be the membership that I assigned to Sherlock.
Remember we put him into the line of business users group? I want to give you a little bit of a heads-up. When you're using Dynamic Groups, it can take a few minutes for those users to be populated within those groups. So, you'll just have to be patient and wait. After about a minute and a half, maybe two minutes, you'll notice that the membership number of groups that this user belongs to has increased to three. So, again, keep in mind it may take a minute or two for the user to be assigned to those groups. If I click in Group Memberships, I'll see all the groups the user belongs to.
In my Azure Active Directory, I have configured all users belong to the All Users group. So, that was automatically assigned to this user. Next, we have the Human Resources group. This is in dynamic memberships as well and this is the one we set up. Then our line of business users was the membership that we assigned manually. As you can see, taking the time to plan out your groups and your users will save you tremendous amount of time as the number of users in groups grow. Next, I'm going to show you how we leverage these groups for the access panel.
- Azure AD
- Adding company branding
- Adding a custom domain
- AD Connect configuration
- AD Connect Health
- Administering users and groups
- Configuring SaaS applications
- Granting conditional access
- Revoking access
- Application proxy and discovery
- Integrating web and desktop applications
- Creating an Azure AD B2C directory
- Registering an application
- Creating a Microsoft identity