Switching gears a little, but still in the Realm of Azure, we are going to focus a bit on Azure Active Directory. That’s right boys and girls, YOU will never escape Active Directory even if you are working in the Cloud. Okay Okay.. Open Source LDAP blah blah blah.
But we, as super kick ass Cloud Developers are going to learn it all or at least learn as much as we can about this mad mad world of Cloud Computing and Cyber Security, together. That’s right.. together!
Alright, enough with my words, let’s get to the lesson:
- Sign into Azure
- Read below
AZ AD – Cloud Based Identity and Access Management
- Users can access internal and external resources
- Creates ability to enforce SSO across all APPs within the Organization
- Referred to as a Work or School account
- Can be sync’d via current AD network
Creating \ Managing Users (Three Methods)
- Azure portal – Web GUI
- Azure PowerShell
- Azure CLI
Method One: Azure Portal (Standard User)
- Click Users –> New User
- Username (typically first.last)
- Profile – Config additional attributes
- Click Properties to view Source of Authority (Will not exist until user is created)
- Groups – Add users to Groups
- Assign Role
- Click –> Show Password to see the Temp PASSWD
- Click Create
The New User (Now What??)
- Click on the new user after creation to view and edit the attributes.
- Change the Directory Role by adding an assignment
- Add additional Roles
- Assign License(s)
- But wait.. there’s more!
Method Two: PowerShell (New User w\parameters)
When logged into the Azure Portal there is an option called Cloud Shell:
- At the top of the screen click on the following icon: >_
- Gives you a working CLI and PowerShell
- Click the Bash\PowerShell dropdown menu on the upper left to switch between the two options.
Behold! The commands:
Azure Powershell Documentation:
Method Three: Creating Users with the Command Line Interface
Azure CLI Documentation:
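Method Three from Cloud Shell (Bash), as an added example that is not the original post's commands: it creates a standard user with `az ad user create`, generates a random temp password, and forces a password change at first sign-in. The domain `contoso.onmicrosoft.com`, the function names and the `DRY_RUN` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: create an Azure AD user with the Azure CLI.
# DRY_RUN (hypothetical switch, default 1) prints the command instead of running it.

# Random temp password: 20 alphanumerics plus a fixed tail so every
# character class required by the password policy is present.
gen_temp_password() {
  core=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)
  printf '%sAa1!' "$core"
}

# Accept only first.last@domain style UPNs (the convention used above).
valid_upn() {
  case "$1" in
    *[!A-Za-z0-9._@-]*) return 1 ;;  # unexpected characters (spaces, quotes, ...)
    *@*@*)              return 1 ;;  # more than one @
    ?*.?*@?*.?*)        return 0 ;;
    *)                  return 1 ;;
  esac
}

create_user() {
  upn=$1
  display=$2
  valid_upn "$upn" || { echo "invalid UPN: $upn" >&2; return 1; }
  pw=$(gen_temp_password)
  if [ "${DRY_RUN:-1}" = 1 ]; then
    # Never echo the secret itself, even in a dry run.
    printf 'az ad user create --user-principal-name %s --display-name "%s" --password *** --force-change-password-next-sign-in true\n' \
      "$upn" "$display"
  else
    az ad user create \
      --user-principal-name "$upn" \
      --display-name "$display" \
      --password "$pw" \
      --force-change-password-next-sign-in true \
      --query '{upn:userPrincipalName,id:id}' -o json
    # Shown once on stderr so it stays out of captured stdout; hand it over out of band.
    echo "temporary password for $upn: $pw" >&2
  fi
}

# Constructed sample input; stays a dry run unless DRY_RUN=0 is exported.
create_user "jane.doe@contoso.onmicrosoft.com" "Jane Doe"
```

Run it with `DRY_RUN=0` after `az login` (Cloud Shell is already signed in) to actually create the account.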
The Guest User….. dun, dun, dun!
3rd Party Accounts (Guest Users) can also be utilized (Federated Identity Management), meaning accounts from other organizations like Google.
- We don’t have to manage them other than add\remove
- MFA can and should be enforced (More on that later)
How to Invite a Guest User from the Azure Portal:
- Click New Guest User
- Enter their email address
- Add a personal message if you want
- Click Invite
And that’s it for Azure AD Users… for now. Until next time….