Azure AD Custom SaaS Applications for any 3rd party service.

It’s been a while since I last posted an article, because the past few months have been rather busy. We recently launched the option to create Custom Applications in Azure Active Directory, which lets you effectively create a SaaS application for any website to which you want to enable password single sign-on for your end-users (the same way most of the gallery applications work today).

This lets you, as IT administrators, not only give your end-users a better identity experience but also keep full control of access to corporate resources, even those managed by a third party: you create the accounts at the third-party service with secure passwords and assign them centrally to the end-users, who therefore never learn the password used to access that service. As a result, if you disable a user's ability to sign in to Azure Active Directory, they also lose access to any third-party applications you have assigned to them.

To take advantage of this feature, all you need to do is sign in to the Azure Management Portal (manage.windowsazure.com) with an administrator account from your Azure Active Directory, which you already have if you use one of the Microsoft Online Services such as Office 365, Dynamics CRM or Intune. If you have not accessed the Management Portal before, you can easily obtain a $0 subscription that gives you access to the portal; more information is in a previous article posted here: https://www.edutech.me.uk/authentication/sign-up-for-microsoft-azure-without-using-a-credit-card-0-subscription/

NOTE: we recently added an Azure AD link to the Office 365 Administration Portal (portal.office.com); clicking that link takes you through the process of signing up for a $0 subscription.

So, once you have access, you just need to do the following:

1) Select the Azure Active Directory


2) Select the Applications node on the top navigation bar, then select ‘New’ from the bottom navigation bar. On the next screen select ‘Add an application from the gallery’.


3) Select Custom from the left-hand menu and give your application a name.


4) Click on the Tick, which will then create the application and add it to your Azure Active Directory.

5) On the next screen you go through two simple steps. Start by clicking Configure Single Sign-on and select how you would like your users to sign in to the third-party service. If the third-party application supports federation and you already have a federation provider such as AD FS in place, you can use that option; if you have nothing in place, choose ‘Password Single Sign-On’, which is what I shall do in this example.


6) Click Next and specify the sign-in URL of the third-party website.


7) Click Next. On the next screen you will notice that the wizard has picked up the sign-in fields available on that page. In this example I am using a forum, so I have the three fields shown below. I only want the username and password fields, as they are the only ones that need to be populated to access the service, so I shall de-select the password hint field.


8) Once that has been done, select the tick to complete that step. Next you need to assign the application to one or more users: click Assign Users, select All Users from the drop-down box, select the user to whom you wish to assign the application, and then select Assign from the bottom navigation bar.

9) You now have the option to enter the credentials on the user's behalf, or, if you wish to give users that ability, to let them enter the credentials themselves the first time they attempt to sign in to the application. In my example, I shall type the credentials in on the user's behalf.


10) Once this has been done, proceed with clicking on the Tick.

 

Done. Now, when the end-users you assigned the application to visit myapps.microsoft.com or, if you are using the updated Office 365 portal, its app launcher, they will see it as an available application.


If you use the password single sign-on option, remember that a browser add-on must be deployed before it will work. Once that is in place, the user clicks the tile that represents the application, is taken to the third-party application, and is signed in seamlessly with the credentials you specified.
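The same configuration expressed as API calls, plus a check on who still holds an assignment. This is an added example, not code from the original post or from Microsoft: it assumes today's Microsoft Graph API rather than the 2015 management portal the post walks through, and the custom application template id, the beta `createPasswordSingleSignOnCredentials` endpoint, the `param_username`/`param_password` field ids and the sample user ids are assumptions to verify against the Graph documentation before use in a tenant.

```python
"""Microsoft Graph equivalent of the wizard steps in the post, plus an audit.

Added example (not the post's code). Assumptions: the custom-app template id,
the beta credentials endpoint and the form field ids come from Graph
documentation and must be checked before use; the sample data is constructed.
"""
from __future__ import annotations

import json
import urllib.request
from typing import Any

GRAPH = "https://graph.microsoft.com/v1.0"
GRAPH_BETA = "https://graph.microsoft.com/beta"
# Template id for a non-gallery ("custom") application (assumption: verify).
CUSTOM_APP_TEMPLATE = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621"
# appRoleId of the implicit "default access" role on such applications.
DEFAULT_ACCESS_ROLE = "00000000-0000-0000-0000-000000000000"
SP_PLACEHOLDER = "{servicePrincipalId}"  # known only after the app is created


def plan_password_sso_app(display_name: str, login_url: str, user_id: str,
                          fields: dict[str, tuple[str, str]]) -> list[tuple[str, str, dict[str, Any]]]:
    """Return the ordered Graph requests that reproduce steps 3 to 10 of the post.

    `fields` maps each form field id the wizard captured (e.g. "param_username",
    an assumed id) to a (type, value) pair entered on the user's behalf.
    The plan is plain data so an administrator can review it before sending.
    """
    credentials = [{"fieldId": fid, "type": kind, "value": value}
                   for fid, (kind, value) in fields.items()]
    return [
        # steps 3/4: create the custom application and its service principal
        ("POST", f"{GRAPH}/applicationTemplates/{CUSTOM_APP_TEMPLATE}/instantiate",
         {"displayName": display_name}),
        # steps 5/6: choose password SSO and record the third-party sign-in URL
        ("PATCH", f"{GRAPH}/servicePrincipals/{SP_PLACEHOLDER}",
         {"preferredSingleSignOnMode": "password", "loginUrl": login_url}),
        # step 8: assign the user through the default access role
        ("POST", f"{GRAPH}/servicePrincipals/{SP_PLACEHOLDER}/appRoleAssignedTo",
         {"principalId": user_id, "resourceId": SP_PLACEHOLDER,
          "appRoleId": DEFAULT_ACCESS_ROLE}),
        # step 9: store the credentials for that user, who never sees them
        ("POST", f"{GRAPH_BETA}/servicePrincipals/{SP_PLACEHOLDER}/createPasswordSingleSignOnCredentials",
         {"id": user_id, "credentials": credentials}),
    ]


def execute_plan(plan: list[tuple[str, str, dict[str, Any]]], access_token: str) -> str:
    """Send the plan with a bearer token; returns the new service principal id.

    Not exercised offline: it needs a token with Application.ReadWrite.All and
    AppRoleAssignment.ReadWrite.All (assumed permission names; verify).
    """
    sp_id = ""
    for method, url, body in plan:
        url = url.replace(SP_PLACEHOLDER, sp_id)
        body = json.loads(json.dumps(body).replace(SP_PLACEHOLDER, sp_id))
        req = urllib.request.Request(
            url, method=method, data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {access_token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            payload = resp.read()
        if url.endswith("/instantiate"):
            sp_id = json.loads(payload)["servicePrincipal"]["id"]
    return sp_id


def audit_assignments(assignments: list[dict[str, Any]], users: list[dict[str, Any]]) -> list[str]:
    """Return user ids that hold an assignment to the app but whose directory
    account is disabled or no longer exists.

    Disabling the account already blocks sign-in, as the post explains; this
    lists assignments that can be removed so the stored third-party credential
    is not left attached to a dormant identity. `assignments` is the shape of
    /servicePrincipals/{id}/appRoleAssignedTo items, `users` of /users items.
    """
    enabled = {u["id"]: bool(u.get("accountEnabled", False)) for u in users}
    return sorted({a["principalId"] for a in assignments
                   if a.get("principalType") == "User"
                   and not enabled.get(a["principalId"], False)})


if __name__ == "__main__":
    # Constructed sample: a disabled user (u2) still assigned to the forum app.
    sample_assignments = [{"principalId": "u1", "principalType": "User"},
                          {"principalId": "u2", "principalType": "User"},
                          {"principalId": "g1", "principalType": "Group"}]
    sample_users = [{"id": "u1", "accountEnabled": True},
                    {"id": "u2", "accountEnabled": False}]
    print("assigned but disabled:", audit_assignments(sample_assignments, sample_users))
    for method, url, body in plan_password_sso_app(
            "Forum", "https://forum.example/login", "u1",
            {"param_username": ("username", "svc-forum"),
             "param_password": ("password", "<PLACEHOLDER-SECRET>")}):
        print(method, url)
```

The plan keeps the secret in memory only until `execute_plan` sends it; group assignments are ignored by the audit because group membership, not the assignment itself, determines who gains access through them.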

NOTE: this feature is currently in public preview, so it is not advised for production environments. It will become generally available in due course as part of the Azure Active Directory Basic or Premium SKU. More information can be found here: https://msdn.microsoft.com/en-us/library/azure/dn532272.aspx (More Features Coming Soon).

If you have any questions please reach out and I would be more than happy to help.

Thanks,

James.