Thursday, December 17, 2015

Integrate your application authentication with Office 365

Most of us working with Office 365 usually manage users through the O365 Admin Center portal. Did you know that Microsoft Azure Active Directory (AAD) is the directory store that powers O365 user management?
If you are a small or medium-sized business and would like to manage all your application authentication through a common solution, should you not leverage this AAD? You are already paying for the Office 365 service, so why not use the AAD that you already have?
Now the common problem here is you don’t have direct access to AAD management from O365 Admin Center.
But if you have worked with Azure, you know that you can manage Azure AD from Azure Management Portal.
Now those are two different things – Azure Management Portal and O365 Admin Center.
What if you are able to link those two together? Can I then manage my O365 AAD through my Azure Management Portal?
Well, the answer to both of the above questions is the same: “Yes, you can.” Now if I can manage my O365 AAD through the Azure portal, then couldn’t I use it as a common authentication platform for my business applications? The answer is “Yes, you can”.
It is very easy to make this association if you don’t have an existing Azure account.
Log in to O365 Admin Center and under “Admin” click “Azure AD”. You will be directed to a page to create an Azure subscription; follow the steps there to create one using your O365 Admin account. It’s simple and direct.
However, there is another possibility: what if I already have an Azure account (a@live.com)?
Also, I have a separate O365 subscription (b@contoso.onmicrosoft.com). Can I link these somehow?
Well, the simple answer is “Yes, you can”. But it’s a slightly convoluted process, not a simple one-to-one matching. If you are stuck in a similar situation or would like to see the O365 AD associated with your Azure account, then here are the steps to associate your Live account with your O365 account and access the AD associated with O365.
1. Log on to Azure Portal using your Live account.
2. Click on New -> App Services -> Active Directory -> Directory -> Custom Create
3. Now select "Use existing directory" from the drop down as shown below:
[Image: Office 365]
4. Make sure you select the check box (in the image above).
5. Now you will be logged out and redirected to the Azure login.
6. Now log in using your O365 Global Admin credentials.
7. Once you log in, you will see a prompt asking to add your Azure account (a@live.com) as a global admin for the O365 tenant. Click Continue.
8. Now log out and log in again using your Azure account.
9. Go to Active Directory in Azure Management Portal and you can see a new AD.
I remember seeing the default O365 AD by the name "Contoso".
Well, if you don't like it you can always rename it to whatever name you prefer.
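Step 7 grants a personal Microsoft account the Global Admin role on the O365 tenant, so it is worth checking afterwards that it is the only external identity holding that role. The sketch below is an added example, not part of the original post: it assumes you have exported the role's members as records with a `userPrincipalName` field, relies on the `#EXT#` marker that Azure AD places in the UPN of accounts homed outside the tenant, and uses constructed sample data and a hypothetical allowlist.

```python
# Added example: audit Global Admin membership after linking the two accounts.
EXT_MARKER = "#EXT#"  # appears in the UPN of accounts homed outside the tenant

# Constructed sample export of the role's members (not real tenant data).
MEMBERS = [
    {"displayName": "O365 Admin",
     "userPrincipalName": "b@contoso.onmicrosoft.com"},
    {"displayName": "Azure Owner",
     "userPrincipalName": "a_live.com#EXT#@contoso.onmicrosoft.com"},
    {"displayName": "Old Vendor",
     "userPrincipalName": "joe_smith_outlook.com#EXT#@contoso.onmicrosoft.com"},
]

# Hypothetical allowlist: external identities deliberately made Global Admin.
APPROVED_EXTERNAL = {"a@live.com"}


def home_address(upn):
    """Return the external sign-in address encoded in an #EXT# UPN,
    or None when the account lives in the tenant itself."""
    idx = upn.upper().find(EXT_MARKER)
    if idx == -1:
        return None
    encoded = upn[:idx].lower()              # e.g. "a_live.com"
    # Heuristic: the original "@" was replaced by "_"; the local part may
    # itself contain underscores, so split on the last one only.
    user, sep, domain = encoded.rpartition("_")
    return f"{user}@{domain}" if sep else encoded


def audit_global_admins(members, approved_external):
    """Sort role members into internal, approved and unexpected external."""
    report = {"internal": [], "approved_external": [], "unexpected_external": []}
    for member in members:
        upn = member["userPrincipalName"]
        home = home_address(upn)
        if home is None:
            report["internal"].append(upn.lower())
        elif home in approved_external:
            report["approved_external"].append(home)
        else:
            report["unexpected_external"].append(home)
    return report


if __name__ == "__main__":
    for bucket, who in audit_global_admins(MEMBERS, APPROVED_EXTERNAL).items():
        print(f"{bucket}: {', '.join(who) or '-'}")
```

Anything listed under `unexpected_external` is an outside identity with full control of the tenant that nobody approved, and should be reviewed or removed from the role.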
Now that you have access to the O365 AD, you can do a lot more from a secure application authentication and single sign-on standpoint.
More value out of Office 365 at no additional service cost! If you would like to integrate your applications into Office 365 AD for authentication, please feel free to reach out to us.
