Azure Apps Provisioning to External Users

So, you’re finally deploying your apps to Azure like there’s no tomorrow, through a solid CI and CD process, and everyone is happy about it.

Then you realize you still have one challenge: you need to provide those apps to your customers in a smooth but secure way, just like you’ve been doing for years with Active Directory Federation, where the customer logs onto his own AD, and from there he can access your apps.

How to achieve that in Azure?

Turns out that (after solving a few puzzles – we know MS documentation, don’t we) it is quite simple!

First you need to invite your customer to join your Azure Active Directory; this is done in the New Portal by opening the Azure Active Directory “menu blade”.




Then click on the menu item Users and groups.







Then click on the menu item All users.





Here you can invite an external user to join your AAD as a Guest; this will give your customer enough permission to use your Azure deployed apps (that you assign them permissions to), without being able to access your other Azure resources.

NOTE: It is also possible from the Classic Portal (only) to add an external user by creating a full user within your Active Directory, but that’s out of scope here.

Now click on the New guest user link.




Here you will simply write your customer email address, and optionally a personal message to be included with the invitation.

Once this is done, and email message will be sent to your customer inbox, looking like this.















Once your customer will click on this link he’ll get to the URL http://myapps.microsoft.com, where he will see an empty page!

:)


Yes, first you need to assign permissions to some app that you want your customer to be able to use.

This can be done in the Azure Portal, within the Azure Active Directory section, under Enterprise Applications. Select the Application you need to assign, then click on the Users and groups menu item.


From here you can click on the Add user button.


There you will be able to select the user(s) you want to assign to the App, and if any AppRole has been defined in the App Manifest, assign those as well.

Now your customer can access the same page again, but now he will see a list of allowed Apps.










And that’s it!






Comments

Post a Comment

Popular posts from this blog

Cloud Computing using Microsoft Azure for Dummies

Image
Microsoft Azure is one of the first On-Demand Cloud Services available since several years, along with Amazon . So what is this Cloud Computing ? “Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand” [ Wikipedia ] Since a few years, and especially thanks to the worldwide Globalization , the amount of data exchanged over the Internet has been growing exponentially, bringing into the game some new paradigm such as Big Data , which challenged the existing hardware and infrastructure at every level. Most public exposed systems and websites had suddenly to deal with a huge amount of traffic, data and requests, from any part of the world, with potential peaks at any given time, 24/7.  This represented a big challenge for the stability and availability of systems, which for most businesses required an incredib
Read more

RabbitMQ on Kubernetes Container Cluster in Azure

Image
Introduction This post is quite technical (and long, and detailed), so sit down, enjoy your coffee, and let’s get started! Containers are becoming the way forward in the DevOps and IT worlds, as they greatly simplify deployments of applications and IT infrastructure . RabbitMQ is “the most widely deployed open source message broker”, and easy to use within a Docker Container Image . Kubernetes is considered the De-facto Standard for Container Orchestration . To follow this tutorial you can use the built in Azure Cloud Shell , or download and install the Azure CLI , and use PowerShell locally. Make sure you have installed  Azure PowerShell . You will also need Kubectl , so make sure you install that too (I suggest Choco as the easiest way). Here I am using PowerShell . Resource Group First you have to login to Azure through PowerShell: az login You will receive a message such as: To sign in , use a web browser to open the page http
Read more

PowerHell

Image
So here's another rant about Microsoft inconsistency and UN-usability of their products (sorry but I cannot hold this anymore).. Since it's been introduced years ago, Microsoft Powershell looked very promising, with its CMDLet approach to reuse scripts, not only for sysadmin tasks, but for almost everything Microsoft . There is only one problem with it (still nowadays): inconsistency . The reason why I say this, is because most of the times (I am serious, most of them) I try to use Powershell , I get the famous error message: The term '[ Put your Powershell Module name here]' is not recognized as the name of a cmdlet, function, script file, or operable program. That seems like a trivial error, so the next thing to do is to install the missing module. This generally requires a few steps: Figure out which module contains the command you are trying to run (not always straightforward). Figure out which version of the module contains the exact comman
Read more