Automating Azure Active Directory: Provision Users and Apps

Some time ago I wrote about User App Provisioning in Azure, which can be achieved manually through the Azure Portal.

But if you happen to have already an application that you use to manage your users and permissions, and you want to deploy such application to Azure, you might want to automate things a bit more.

At a high level, this is the Graph API flow:
  1. Find the User in AAD
  2. Invite the User to AAD
  3. Find the App to Assign in AAD
  4. Find existing App Assignment for the User
  5. Assign the App to the User
This is the flow diagram (a bit more detailed):

The Management App (green color) is the main application where you already manage users and permissions, which did not require AAD integration so far.
However, once the application is deployed to Azure, AAD integration becomes essential.
This is the place where you would want to integrate this POC application.

The POC application is represented by the App Provision App (yellow color), and it manages the Graph API flow. It executes HTTP Requests to the Graph REST APIs (blue color), and it parses and displays the returned JSON data.

Considering that this process should be automated behind the scenes of your existing Management App (unlike in this POC where it is a standalone MVC web app), when things go wrong and errors are returned instead of JSON data, an email is sent to an Admin address (so that a manual action in the Azure portal can be performed and the error fixed).

As of now there are 2 different versions of Graph API:


Microsoft recommends to use the Microsoft Graph API, however it is still very raw and unstable (beta), with many features not available yet.

So in this POC I implemented the Azure Graph API for almost all calls, and just used the Microsoft API for the AAD Invitation (not available in the Azure one).

Here are the screenshots of the App Provision App:






And that's it.

Feel free to ask questions (or code) in the comments below!

Comments

Post a Comment

Popular posts from this blog

Cloud Computing using Microsoft Azure for Dummies

Image
Microsoft Azure is one of the first On-Demand Cloud Services available since several years, along with Amazon . So what is this Cloud Computing ? “Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand” [ Wikipedia ] Since a few years, and especially thanks to the worldwide Globalization , the amount of data exchanged over the Internet has been growing exponentially, bringing into the game some new paradigm such as Big Data , which challenged the existing hardware and infrastructure at every level. Most public exposed systems and websites had suddenly to deal with a huge amount of traffic, data and requests, from any part of the world, with potential peaks at any given time, 24/7.  This represented a big challenge for the stability and availability of systems, which for most businesses required an incredib
Read more

RabbitMQ on Kubernetes Container Cluster in Azure

Image
Introduction This post is quite technical (and long, and detailed), so sit down, enjoy your coffee, and let’s get started! Containers are becoming the way forward in the DevOps and IT worlds, as they greatly simplify deployments of applications and IT infrastructure . RabbitMQ is “the most widely deployed open source message broker”, and easy to use within a Docker Container Image . Kubernetes is considered the De-facto Standard for Container Orchestration . To follow this tutorial you can use the built in Azure Cloud Shell , or download and install the Azure CLI , and use PowerShell locally. Make sure you have installed  Azure PowerShell . You will also need Kubectl , so make sure you install that too (I suggest Choco as the easiest way). Here I am using PowerShell . Resource Group First you have to login to Azure through PowerShell: az login You will receive a message such as: To sign in , use a web browser to open the page http
Read more

AD vs AAD (Active Directory vs Azure Active Directory)

Image
Comparing AD vs AAD is a bit like comparing apples and oranges; they are two very different technologies used for different scenarios and needs . As organizations look to move a great deal of their infrastructure to Azure , Active Directory ceases to become the right option .  Azure AD therefore, becomes the solution that is recommended. This post is aimed at explaining the main reasons behind this statement. On-Premise Active Directory Windows Server AD offers 5 core services. · Active Directory Domain Services (ADDS) · Active Directory Certificate Services (ADCS) · Active Directory Rights Management Services (ADRMS) · Active Directory Lightweight Directory Services (ADLDS) · Active Directory Federation Services (ADFS) Those 5 services together make up the entirety of on-premises AD . When most of us talk about AD , we’re mostly talking about ADDS . None of those 5 services are available in Azure AD . When you thi
Read more