An overview of Azure Active Directory


Providing identity and access management to (your) modern business applications





Modern business applications you’re developing can be easily integrated with your directory and granted access to it, so that you can provide single sign-on capabilities (sign in and sign out), manage user authorization, etc. without the additional cost, burden, and hassle of having to acquire and manage new user credentials. This covers not only homegrown web applications and web APIs but also native applications.

Note A native application is an application that is installed on a device such as a phone or computer. The combined influence of the growing presence of devices in business environments, the Consumerization of IT and Bring Your Own Device (BYOD) trends, and the success of the various marketplaces (iTunes, Google Play, Windows (Phone) Store) makes this form factor one of the fastest growing ones.

The main areas for native applications revolve around mobile workforce scenarios (sales people, pharmaceutical promoters, etc.), scenarios in which mobility and free hands are of the essence (manufacturing, logistics, healthcare services), and the like.
Note For more information, see the Microsoft MSDN article Integrating Applications in Azure Active Directory196.

For federated users, a seamless end-to-end (federated) single sign-on experience can be delivered for users logging on to their Windows 10 Azure AD joined machines, Windows domain-joined machines and Workplace joined devices, both for (exposed) on-premises applications and for other applications integrated in your Azure AD directory. Such an experience requires federating your directory with your on-premises STS, and may require syncing the device objects between your Azure AD directory and your on-premises identity infrastructure, depending on the configuration in place.

Furthermore, if you’re a developer or a cloud ISV, you can make a web application (or a web API) that you've previously registered in your Azure AD directory available to external users, so that any other Azure AD customer can use it with one click. With one click, those customers can in turn add your web application (or web API) to their own directory tenant, giving it a clearly called out set of privileges. They get the benefit of using Azure AD to administer access to your application with one click; you get the benefit of offering world class enterprise directory capabilities that can be easily connected to your customers’ existing on-premises directory infrastructure.

The aforementioned white paper Leverage Azure AD for modern business applications197 details the registration process in directory tenant(s) and how to (build and) configure such applications to provide sign up for multi-tenant applications, single sign-on for cloud and federated users, and more.


Adding a modern business application


To illustrate the related operation simply, let’s consider a (fictitious) single-tenant web application you’re developing.

To add a single-tenant application, proceed with the following steps:



  1. Sign in to the classic Azure management portal as an administrator of the directory to configure.

  2. Click ACTIVE DIRECTORY, and then click the name of the organization’s directory to which you want to add the single-tenant web application you’re developing.

  3. Click APPLICATIONS in the directory.

  4. Click ADD in the tray at the bottom. A What do you want to do? dialog appears.

  5. Click Add an application my organization is developing.

  6. On the Tell us about your application page, specify a name for your web application. This is used as a human-readable moniker to refer to the application. Select WEB APPLICATION AND/OR WEB API. Click the arrow icon in the bottom-right corner of the page.

  7. On the App properties page, provide the URL of a web page where users can sign in and use the web application in APP URL, and the URI used to logically identify the web application in APP ID URI, then click the check mark icon in the bottom-right corner of the page.

  8. You are redirected to the Quick Start page for the web application.



Note For more information, see the MSDN article Adding, Updating, and Removing an App 198.

As with pre-integrated SaaS, custom, and published on-premises applications, Azure AD will not allow users to access the application unless they have been granted access. Users may be granted access directly, or through a group of which they are a member. You can follow the directions outlined in the next section § Managing access to applications to quickly assign it to your employees.


Managing access to applications


You can assign access privileges for your applications to the users in your Azure AD directory tenant, ensuring that every employee has access to the applications they need. Interestingly enough, when a user leaves your organization or changes jobs within the company, you can just as easily remove their access privileges, ensuring data security and minimizing IP loss.

A single, unified administrative experience for all of your applications is provided, whether it is a pre-integrated SaaS application, a custom application, a published on-premises web application (provided that pre-authentication has been chosen for publishing), or a modern business application you’re developing. Let’s see how this works.
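The registration fields entered in the steps above and the assignment rule stated in this section, modelled in Python as an added example that is not part of the white paper. The Microsoft Graph property names (displayName, signInAudience, identifierUris, web.homePageUrl) are assumptions about the API equivalent of the classic-portal form, and all users, groups and URLs are constructed sample data.

```python
"""Added example: the App properties form as a registration payload, plus the
directory-side rule that a user only gets in when assigned directly or via a
group. Graph property names are assumptions, not taken from the white paper."""
from urllib.parse import urlparse


def registration_payload(name, app_url, app_id_uri):
    """Build a single-tenant 'application' body from the portal's three fields.
    Rejects a non-https sign-on URL and a relative App ID URI up front."""
    sign_on = urlparse(app_url)
    if sign_on.scheme != "https" or not sign_on.netloc:
        raise ValueError("APP URL must be an absolute https URL")
    ident = urlparse(app_id_uri)
    if not ident.scheme or not ident.netloc:
        raise ValueError("APP ID URI must be an absolute URI")
    return {
        "displayName": name,
        "signInAudience": "AzureADMyOrg",  # single-tenant: this directory only
        "identifierUris": [app_id_uri],
        "web": {"homePageUrl": app_url, "redirectUris": [app_url]},
    }


class AppAccess:
    """Assignment model: access requires a direct assignment or membership in an
    assigned group; nested groups are resolved and membership cycles tolerated."""

    def __init__(self, assignment_required=True):
        self.assignment_required = assignment_required
        self.assigned_users, self.assigned_groups = set(), set()
        self.group_members = {}  # group -> set of users and nested groups

    def add_member(self, group, member):
        self.group_members.setdefault(group, set()).add(member)

    def groups_of(self, user):
        """Every group the user belongs to, directly or transitively."""
        found, stack = set(), [user]
        while stack:
            node = stack.pop()
            for group, members in self.group_members.items():
                if node in members and group not in found:
                    found.add(group)
                    stack.append(group)
        return found

    def can_access(self, user):
        if not self.assignment_required:
            return True  # "any user in the directory" mode
        return user in self.assigned_users or bool(self.groups_of(user) & self.assigned_groups)

    def remove_user(self, user):
        """Leaver handling: drop the direct assignment and every group membership."""
        self.assigned_users.discard(user)
        for members in self.group_members.values():
            members.discard(user)
```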



