For end users, Azure AD provides single sign-on to thousands of applications hosted in any cloud and on-premises, along with self-service capabilities that can boost productivity, from a customizable, user-friendly environment accessible from every device. This is notably accomplished through the Azure AD Access Panel.
Note: As an introduction, you can watch the Channel 9 demo video First day at work with Azure Active Directory [241].
Using the Azure AD Access Panel
The Azure AD Access Panel allows an end user with an organizational account in Azure AD to view and launch applications that have been assigned to them by the administrator of their tenant (plus any applications that they have consented to).
In other words, this is a single screen listing the SaaS applications assigned to each user, where they can discover which applications they have, single sign-on to those applications, and in some cases manage their application credentials.
The Azure AD Access Panel is a web-based portal available at http://myapps.microsoft.com [242].
Note: The Access Panel is separate from the Azure Management Portal and does not require users to have an Azure subscription.
To use the Azure AD Access Panel with your organizational account, proceed with the following steps:
- Open a browsing session and navigate to the Azure AD Access Panel.
- On the sign-in page, enter the credentials for your organizational account in your directory. Once authenticated, you’re redirected to the Azure AD Access Panel.
Editing the profile settings for the users
The Azure AD Access Panel allows users to edit some of their profile settings, including the ability to:
- View the details about their account, such as their User ID, alternate email, mobile and office phone numbers.
- Change the password associated with their organizational account via Change password.
- Edit multi-factor authentication (MFA) related contact and preference settings, for those accounts that have been required to use it by an administrator, via Additional security verification (see the corresponding section earlier in this document). This requires the Premium editions of Azure AD.
And with Basic and Premium editions of Azure AD:
- Self-register for password reset. See next section.
- Self-manage the groups. See section § Self-service group management for users later in this document.
- Self-service for application access. See section § Self-service for application access later in this document.
Self-service password reset for cloud users
Self-service password reset for users allows end users in your organization to reset their passwords automatically without calling an administrator or helpdesk for support.
Important note: This feature is only available when you enable the Basic or the Premium editions of Azure AD. For more information, see the Microsoft TechNet article Azure Active Directory Editions [243].
This feature is comprised of the following components:
- Password reset policy configuration portal. Administrators can control different facets of user password reset policy in the classic Azure management portal in the CONFIGURE page of the directory (see below).
- User registration portal. Users can self-register for password reset with the administrator-controlled password reset policy through the Azure AD Access Panel at https://account.activedirectory.windowsazure.com/PasswordReset/Register.aspx. This requires an office phone and/or a mobile phone as contact data.
- User password reset portal. Users can reset their own passwords, using a number of different challenges in accordance with the administrator-controlled password reset policy, via a Can’t access your account? link available from any web page that uses an organizational account for sign-in. Clicking the link will launch a self-service password reset wizard.
Activating the password reset policy
To activate the password reset policy for cloud users, proceed with the following steps:
- Sign into the classic Azure management portal as the administrator of the directory you wish to configure.
- Click ACTIVE DIRECTORY, and then click the name of the organization’s directory for which a user password reset policy should be defined.
- Click CONFIGURE and scroll down to user password reset policy.
- Set USERS ENABLED FOR PASSWORD RESET to YES. This setting reveals several more controls which enable you to configure how this feature works in your directory. As indicated, this setting requires that the user accounts have been configured with Office and/or Mobile phones for verification.
- Review the available settings, such as AUTHENTICATION METHODS AVAILABLE TO USERS, which enables you to require the addition of an Office and/or Mobile phone number and/or security questions the first time a user signs in to Azure AD.
  Enabling security questions provides the ability for IT professionals to require users to provide answers to a specified number of questions to register for the password reset feature. Once registered, the user will need to answer the questions for verification in order to reset their password:
  - NUMBER OF QUESTIONS REQUIRED TO REGISTER defines the minimum number of security questions a user must select and answer when registering for password reset.
  - NUMBER OF QUESTIONS REQUIRED TO RESET defines the number of randomly-selected security questions a user must answer when resetting a password.
- After configuring user password reset policy as desired for your tenant, click SAVE in the tray at the bottom.
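The settings above can be sanity-checked against the directory's users before the policy is switched on. The following Python code is an added example, not Microsoft's code and not an Azure AD export format: it flags a policy that asks for more questions at reset than were collected at registration, and lists users who have no usable verification method. The ResetPolicy and User models, their field names and the sample users are assumptions constructed for this example.

```python
from dataclasses import dataclass

# Hypothetical model; field names are assumptions, not an Azure AD data format.
@dataclass
class ResetPolicy:
    users_enabled: bool            # USERS ENABLED FOR PASSWORD RESET
    methods: frozenset             # AUTHENTICATION METHODS AVAILABLE TO USERS
    questions_to_register: int = 0
    questions_to_reset: int = 0

@dataclass
class User:
    user_id: str
    office_phone: str = ""
    mobile_phone: str = ""
    answered_questions: int = 0

def policy_problems(p):
    """Inconsistencies in the policy itself, before looking at any user."""
    problems = []
    if p.users_enabled and not p.methods:
        problems.append("reset enabled but no authentication method available")
    # Reset questions are drawn from the answers given at registration.
    if "security_questions" in p.methods and p.questions_to_reset > p.questions_to_register:
        problems.append("more questions required to reset than to register")
    return problems

def usable_methods(p, u):
    """Methods the policy allows and this user has data registered for."""
    registered = {
        "office_phone": bool(u.office_phone),
        "mobile_phone": bool(u.mobile_phone),
        "security_questions": u.answered_questions >= max(1, p.questions_to_register),
    }
    return {m for m, ok in registered.items() if ok} & p.methods

def users_unable_to_reset(p, users):
    """User IDs that would still need the helpdesk to reset a password."""
    if not p.users_enabled:
        return [u.user_id for u in users]
    return [u.user_id for u in users if not usable_methods(p, u)]
# Constructed sample data.
POLICY = ResetPolicy(True, frozenset({"mobile_phone", "security_questions"}), 5, 3)
USERS = [User("a@example.com", mobile_phone="+1 555 0100"),
         User("b@example.com", office_phone="+1 555 0101"),
         User("c@example.com", answered_questions=5),
         User("d@example.com", answered_questions=2)]
if __name__ == "__main__":
    print(policy_problems(POLICY), users_unable_to_reset(POLICY, USERS))
```

In the sample, user b has only an office phone, which this policy does not accept, and user d has answered fewer questions than registration requires, so both would be unable to self-reset.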
To add user contact data via the user registration portal, proceed with the following steps:
- Navigate to the user registration page in the Azure AD Access Panel at https://account.activedirectory.windowsazure.com/PasswordReset/Register.aspx and sign in with your organizational account.
- Under Mobile Phone, specify a country code and phone number, and click text me or call me to receive a verification text message or a verification phone call, respectively.
  After verifying a phone number, the user’s profile will be updated with the number provided.
- Click all done!
Performing a self-service password reset
To perform a self-service password reset, proceed with the following steps:
- Navigate to a page that uses an organizational account.
- Click the Can’t access your account? link. You’re redirected to a Reset your password page at https://passwordreset.microsoftonline.com with your context as a query string.
- Specify your user ID, for example “philber@corpfabrikam.onmicrosoft.com” as illustrated hereafter, pass the captcha, and then click Next.
- You can view and read the password reset instructions page. Click Next to proceed with the verification step(s). Once you’ve met the requirements of the organizational policy, you are allowed to choose a new password. The password is validated based on the password policy of the tenant, and a strength validator appears to indicate to the user whether the password entered meets that policy.
- Once you provide matching passwords that meet the organizational policy, your password is reset and you can log in with your new password immediately.
Note: For more information, see the Microsoft TechNet article Enable self-service password reset for users [244]. You can also watch the Channel 9 demo video Azure Active Directory Premium Self-Service Password Reset w/write-back [245].