Azure Active Directory Application Components

Here's a diagram to show what are the main components involved in an Azure AppService deployment and configuration, between the actual application and the Azure Active Directory setup.

For those not familiar with Azure, it can get confusing between the concepts of Directory, Tenant, Subscription, and all the sub-components that need to be properly configured when deploying to Azure.

Hopefully this high-level diagram can clarify a bit more.

A few notes:

  • you can create several Tenants under a single Directory.
  • you can use Azure Active Directory in any Tenant (not necessarily the one where the application is deployed).
  • you can use the basic Azure Active Directory authentication and authorization features for free (without a Subscription attached to it), but as soon as you need advanced features (let's say MFA), then you need to buy one of the AAD Premium plans.
  • You do need a Subscription for deployment of apps
  • in this setup, a SSL Certificate is used for Mutual Client Authentication for both the Web App (between an F5 Load Balancer and the AppService), and the Web API (between Azure API Management and the backend API); for this to work you need to upload the certificate to API Management and the F5, as well as the AppServices. Also, remember to set the ClientCertEnabled boolean to True in the Resource Explorer of your AppServices. You most likely will setup also some Custom Host Name for your SSL Certificate in your AppServices.
  • in the AAD App Registration you setup Reply URLs, and OAuth2 Permissions to other Azure resources, as well as your App Roles in the App Manifest.
  • then you can assign the app to Users and Groups with specific Roles (AppRoleAssignment) in the Enterprise Applications section.
  • in API Management you can setup Users, Groups, Products and their User Subscriptions, and of course APIs with their SSL Certificate and Policies. You will need to create and configure an Authorization Server in the API Management Publisher Portal for each API that you intend to use through the Developer Portal.
  • also, you can see at the bottom of the image some APIs, such as ARM, APIM REST, and the two Graph APIs. These are used to automate all the above configuration activities that you can do manually in the Azure Portal.

Have fun!

Comments

  1. UnknownJune 15, 2018 at 10:42 AM

    Very interesting, thanks for providing for more updates get touch with Azure Online Training

    ReplyDelete

Post a Comment

Popular posts from this blog

Cloud Computing using Microsoft Azure for Dummies

Image
Microsoft Azure is one of the first On-Demand Cloud Services available since several years, along with Amazon . So what is this Cloud Computing ? “Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand” [ Wikipedia ] Since a few years, and especially thanks to the worldwide Globalization , the amount of data exchanged over the Internet has been growing exponentially, bringing into the game some new paradigm such as Big Data , which challenged the existing hardware and infrastructure at every level. Most public exposed systems and websites had suddenly to deal with a huge amount of traffic, data and requests, from any part of the world, with potential peaks at any given time, 24/7.  This represented a big challenge for the stability and availability of systems, which for most businesses required an incredib
Read more

RabbitMQ on Kubernetes Container Cluster in Azure

Image
Introduction This post is quite technical (and long, and detailed), so sit down, enjoy your coffee, and let’s get started! Containers are becoming the way forward in the DevOps and IT worlds, as they greatly simplify deployments of applications and IT infrastructure . RabbitMQ is “the most widely deployed open source message broker”, and easy to use within a Docker Container Image . Kubernetes is considered the De-facto Standard for Container Orchestration . To follow this tutorial you can use the built in Azure Cloud Shell , or download and install the Azure CLI , and use PowerShell locally. Make sure you have installed  Azure PowerShell . You will also need Kubectl , so make sure you install that too (I suggest Choco as the easiest way). Here I am using PowerShell . Resource Group First you have to login to Azure through PowerShell: az login You will receive a message such as: To sign in , use a web browser to open the page http
Read more

AD vs AAD (Active Directory vs Azure Active Directory)

Image
Comparing AD vs AAD is a bit like comparing apples and oranges; they are two very different technologies used for different scenarios and needs . As organizations look to move a great deal of their infrastructure to Azure , Active Directory ceases to become the right option .  Azure AD therefore, becomes the solution that is recommended. This post is aimed at explaining the main reasons behind this statement. On-Premise Active Directory Windows Server AD offers 5 core services. · Active Directory Domain Services (ADDS) · Active Directory Certificate Services (ADCS) · Active Directory Rights Management Services (ADRMS) · Active Directory Lightweight Directory Services (ADLDS) · Active Directory Federation Services (ADFS) Those 5 services together make up the entirety of on-premises AD . When most of us talk about AD , we’re mostly talking about ADDS . None of those 5 services are available in Azure AD . When you thi
Read more