Lately I have ran into several cases in which Okta is postioned as the IDaaS solution for Cloud applications. This often requires some type of integration with the existing identity services which might be challenging. Especially in a Microsoft oriented landscape using Office 365, Intune and other Azure AD related services. In this blog post I’ll cover the scenario to integrate Okta and Azure AD by using Intune managed devices based on Azure AD Domain Join. This enables a Single Sign On experience to either Okta or Azure AD federated applications by logging in just once on their own device. Awesome right? … Read more…
Last month I spend some time on migrating an Azure PAYG subscription to an Azure CSP subscription. It seems like moving around some resources between resource groups is not that complex but I ran into some issues during the move which made me write down this post.
Before we start with the actual migration you should first draft a plan based on the different type of resources in you Azure subscription. I have used the following approach:
In this step we collect all the information of the current subscription. You can use the following tools and steps to get the information:
- Use the Azure CSP Migration Assessment tool. This will give you a good overview of which resources can be migrated, which require some extra action and which cannot be moved. The output is something similar to this:
Identity management is one of the most important topics in the cloud and security area. Obviously, the best way to create user accounts and groups in a directory is by using an automatic workflow / connection. This should be sourced from a Identity Management system or a HR system directly. Especially on this last topic, Microsoft is working closely together with Workday which you definitely should check out. Also, one of the most common ways to extend your accounts and groups to a Cloud world is by using Azure AD Connect. Azure AD Connect synchronizes the objects, which are located in the local AD, to Azure AD which is ideal for a hybrid situation. All tough I have come across a couple of mid-size businesses which do not have these kind of infrastructure in place and/or do not want to invest in an automatic workflow to provision Azure AD. For these smaller companies we have developed an User Management application which is now published as open source on GitHub. In this post I will go over the details on how to automate the user provisioning for Azure AD by using this User Management application and what technology is being used on the background. … Read more…
In this Single Sign On “how to” guide we will look into the steps to integrate Confluence and Azure AD.
Specifically, this blog covers the custom installation of Confluence server. The Atlassian SaaS SSO configuration, which does also include Confluence, is covered in a Microsoft blog.
This guide is compatible with Confluence server version 5.5 or higher. Next you need to make the following preparations:
- Install the free SAML SSO plugin for Confluence.
- Credentials of an Azure AD Global Admin account.
- Create an Azure AD group to control access.
- Create an Azure AD test user.
Since the launch of the Azure AD administration console in the new Azure AD portal you need to know a couple of things to setup a Single Sign On configuration for an application which is not listed in the Azure AD gallery. This blog describes the steps to integrate non-Azure AD gallery applications.
The first step is to open the Azure AD administration console in the Azure portal and select the Enterprise applications: … Read more…