Azure Active Directory lets administrators centrally manage identities, authentication and authorization for the applications employees use in their day-to-day work. This extends to third-party services such as Twitter, Facebook and around 3,000 other applications that support integration with Azure Active Directory, which is very useful.
Let’s say that Jim is the IT Manager for a global PR agency. The agency has several teams managing different customer accounts, including their social media presence. Security matters a great deal, and to reduce the risk of account hijacking it would be ideal if employees could use the Twitter accounts they manage without ever knowing the password for that specific Twitter account. The good news is that this is possible with Azure Active Directory.
To achieve this, an IT admin needs to take a few steps. First of all, the Twitter application has to be added to the relevant Azure Active Directory tenant (the one that contains the users):
1. Open the Azure Portal
2. Navigate to Active Directory on the left and choose the directory that contains your users
3. Open the directory and click Applications. At the bottom of the page click “Add“
4. Click “Add application from gallery“. Search for the Twitter application and select it
Twitter should now be listed among the directory’s applications. Clicking it opens the application dashboard; the next step is to authorize users for the application.
To do this, you may follow these steps:
1. Click on the Twitter application listed in that specific Azure Active Directory
2. Navigate to “Users“. Here you will see all your users and security groups.
3. Select a desired user and on the bottom of the page click “Assign“
4. A new window opens in which you can provide the Twitter credentials on behalf of the user
When that user now navigates to portal.office.com/myapps, Twitter appears in the application list. Clicking it signs the user in automatically with the credentials the admin provided. Password-based sign-in relies on the My Apps browser extension, which the portal prompts the user to install the first time an application of this kind is launched.
Of course, the same procedure authorizes other users for the Fabrikam Twitter account, and security groups can be used to grant access to different Twitter accounts.
The best part is that none of the users are told the credentials for the Twitter accounts they manage. If an employee quits, removing the assignment in Azure Active Directory removes the Twitter tile from My Apps along with it, so there is no shared password to chase. One caveat is that the stored password is auto-filled into the user’s browser on every sign-in, so a determined user can still recover it; removing the assignment should therefore be paired with rotating the Twitter password when staff who used it leave. Done that way, the risk of the account being hijacked and misused is far lower than with a password passed around a team.
The second benefit is that, as an admin or IT manager, I can audit every login to the application and get a full, detailed usage report.
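The same procedure, scripted, so that the assignment, the stored credentials, the audit query and the offboarding step can be repeated and reversed without clicking through the portal. This is an added example, not code from the original post; it uses the Microsoft Graph PowerShell SDK rather than the classic portal shown above. The user name jim@contoso.com, the Twitter handle fabrikam and the tenant’s gallery app named 'Twitter' are assumed, and the credential step calls the Graph beta action createPasswordSingleSignOnCredentials, whose fieldId values (param_emailOrUserName, param_password) are assumptions to confirm against the application’s own template before use.

```powershell
# Added example, not code from the original post. Requires the Microsoft.Graph
# PowerShell SDK. Assumed names: user jim@contoso.com and a gallery app already
# added to the tenant with display name 'Twitter'. The credential step calls the
# Graph *beta* action createPasswordSingleSignOnCredentials; its fieldId values
# (param_emailOrUserName, param_password) are assumed and should be confirmed
# against the app's template, e.g. via getPasswordSingleSignOnCredentials.
Connect-MgGraph -Scopes 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All',
                        'AuditLog.Read.All',
                        'User.Read.All'

$sp   = Get-MgServicePrincipal -Filter "displayName eq 'Twitter'"
$user = Get-MgUser -UserId 'jim@contoso.com'

# Make sure the app is in password-based SSO mode (the portal does this when
# you pick "Password-based" under Single sign-on).
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -PreferredSingleSignOnMode 'password'

# Step 1: assign the user. Password-SSO apps expose no app roles, so the
# "default access" role, the empty GUID, is used.
$assignment = New-MgUserAppRoleAssignment -UserId $user.Id `
    -PrincipalId $user.Id -ResourceId $sp.Id -AppRoleId ([Guid]::Empty)

# Step 2: store the shared Twitter credentials for this user. Prompt for the
# password so it never sits in the script or in shell history.
$secure = Read-Host -AsSecureString 'Password for the @fabrikam Twitter account'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

$body = @{
    id          = $user.Id      # the user (or group) the credential is stored for
    credentials = @(
        @{ fieldId = 'param_emailOrUserName'; value = 'fabrikam'; type = 'text' }
        @{ fieldId = 'param_password';        value = $plain;     type = 'password' }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/beta/servicePrincipals/$($sp.Id)/createPasswordSingleSignOnCredentials" `
    -Body $body
Remove-Variable plain

# Audit: who launched Twitter from My Apps in the last 7 days, from where, and
# whether the sign-in succeeded (ErrorCode 0).
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
Get-MgAuditLogSignIn -All -Filter "appDisplayName eq 'Twitter' and createdDateTime ge $since" |
    Select-Object CreatedDateTime, UserPrincipalName, IPAddress,
                  @{ n = 'ErrorCode'; e = { $_.Status.ErrorCode } }

# Offboarding: removing the assignment takes the tile out of My Apps, but the
# password was auto-filled into the user's browser on every sign-in, so treat
# it as exposed: rotate it at Twitter and store the new value the same way.
Remove-MgUserAppRoleAssignment -UserId $user.Id -AppRoleAssignmentId $assignment.Id
```

The assignment and the stored credential are separate objects: the credential can be set for a security group instead of a single user by passing the group’s id in the body, which matches the group-based authorization described above, and the sign-in filter works the same way for any other gallery application once its display name is substituted.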
I used Twitter as an example, but you can do exactly the same with any of the 3,000+ applications already integrated with Azure Active Directory, or with applications you develop yourself, and take advantage of all Azure Active Directory capabilities.
By Dan Patrascu-Baba