In this demonstration video, Sharon will provide an overview of Azure Active Directory, including adding users and groups, configuring for on-premise Active Directory synchronization, and controlling user access to third-party SaaS applications such as Twitter. The demonstration will also include an overview of the various built-in reports.
- [Instructor] In this demonstration, I am going to show you how to associate a SAS application to a specific user in Azure Active Directory. I am currently in the Azure Resource Manager portal. As of today, August 8th, 2016, Azure Active Directory is still accessed via the classic portal in Azure. To access this portal, I'm going to scroll down to Active Directory. A little tip. Anytime you see the square with the arrow in Azure, it will redirect you to the classic portal.
This is the classic portal for Azure. For those of you who have seen Azure before, you may have seen this, you may have worked in this. If you're relatively new to Azure, you may never have seen this. We can have several directories within Active Directory. I am going to work in the Bennett Business Connections directory, as that has live information. I'm gonna go ahead and select it. Before we jump into how do we configure all this, I want to show you what it looks like to the user in the end. So right now, I'm on the quick start page.
That's what this little icon is. I'm gonna click down to Explore, and I'm going to sign in to an application. This is gonna launch the web portal that your users can use to access their SAS applications, which is everything in one webpage for them. You'll notice here that I have two applications listed. I have SurveyMonkey and Twitter. What we are going to do next is add in the icon for LinkedIn. Now, when the user logs in, and they want to go to LinkedIn, they will just click the LinkedIn icon.
To associate LinkedIn to a specific user, I'm going to click in Applications. As you may notice, I already have several listed here, but I only had two available to me when I logged in to that portal. I only assigned those two to that account. We're gonna go ahead and add LinkedIn to this list. I'm going to go ahead, click Add, and I'm going to select an application that is in the gallery. You will notice there are over 2600 SAS applications that can tie directly into Azure Active Directory.
Not only can you pick from one of the 2600, if you develop your own applications, you can associate those with specific users as well, and depending on the SKU for Azure Active Directory, you can access your on-premise applications using the Azure portal. I'm going to go ahead and search for LinkedIn. I'm going to provide the Display Name. In this case, I'm gonna go ahead and configure single sign-on. You have two options here. You can have password single sign-on. In this scenario, the credentials are stored by Azure Active Directory.
Or you can leverage existing single sign-on. Selecting Existing Single Sign-On means Azure Active Directory will provide single sign-on to LinkedIn using Active Directory Federation Services, or another single sign-on provider if you're using one. I'm going to go ahead and do password single sign-on. Now, I'm gonna select the users who will have access to LinkedIn. I'm going to assign this to my user account. I'm going to go ahead and search for that.
I have selected my user account, and now, I'm going to assign LinkedIn to that specific account. This next screen is really important. If you are going to provide the corporate credentials for that SAS application, this is where you're going to do it. If you do not want to provide the corporate credentials, and have the users login with their own credentials, you would go ahead and not enter the information in here. In this case, I want to control that access. That way, if the employee leaves, they never have the username and password for that service.
Let's use an example of Twitter. You hire somebody, they come in, they're going to manage your Twitter account. Let's say they leave on terms that may not be so friendly. The last thing you want is for them to access your company Twitter account, and do brand damage. If they never know the username and password, they can't do so. I'm going to provide the account credentials. I have entered the account name and the password. LinkedIn has now been associated with that user.
If I go back to the quick start, and back to sign in to an application, LinkedIn will now be available to me. As a user, I may need to access the corporate LinkedIn account. I can now go ahead and select the LinkedIn icon. This will now launch LinkedIn for me, providing the credentials. Again, the key here is that the user never has access to those credentials. Using Azure Active Directory to control how your users interact with SAS applications provides a better user experience for your users, and allows you to maintain control over those SAS applications.
- Understanding cloud technologies
- Why Azure?
- Creating virtual networks and storage
- Using Azure Active Directory for identity management and protection
- Disaster recovery with Azure Backup and Azure Site Recovery
- Working with virtual machines