Automated user provisioning for Azure AD

Identity management is one of the most important topics in the cloud and security area. Obviously, the best way to create user accounts and groups in a directory is by using an automatic workflow / connection. This should be sourced from an Identity Management system or an HR system directly. Especially on this last topic, Microsoft is working closely together with Workday, which you definitely should check out. Also, one of the most common ways to extend your accounts and groups to the cloud is by using Azure AD Connect. Azure AD Connect synchronizes the objects located in the local AD to Azure AD, which is ideal for a hybrid situation. However, I have come across a couple of mid-size businesses which do not have this kind of infrastructure in place and/or do not want to invest in an automatic workflow to provision Azure AD. For these smaller companies we have developed a User Management application, which is now published as open source on GitHub. In this post I will go over the details of how to automate user provisioning for Azure AD by using this User Management application and what technology is being used in the background. …

SSO: Azure AD & Confluence

In this Single Sign On “how to” guide we will look into the steps to integrate Confluence and Azure AD.

Specifically, this blog covers the custom installation of Confluence server. The Atlassian SaaS SSO configuration, which also includes Confluence, is covered in a Microsoft blog.

Pre-requisites

This guide is compatible with Confluence server version 5.5 or higher. Next you need to make the following preparations:

Confluence

Azure AD

  • Credentials of an Azure AD Global Admin account.
  • Create an Azure AD group to control access.
  • Create an Azure AD test user.


Integrate non-Azure AD gallery applications

Since the launch of the Azure AD administration console in the new Azure AD portal, you need to know a couple of things to set up a Single Sign On configuration for an application which is not listed in the Azure AD gallery. This blog describes the steps to integrate non-Azure AD gallery applications.

The first step is to open the Azure AD administration console in the Azure portal and select the Enterprise applications: …

SSO: Azure AD & Dynamics Navision

Just another post in this blog series on how to set up Single Sign On with Azure Active Directory. This time: Dynamics Navision.

Microsoft offers some guidance on how to configure Single Sign On for Dynamics Navision, but in my experience it requires some investigation to set things up, especially if you want to automate things for later use. That is why I’m writing this post.

Pre-requisites

This guide can be used for Dynamics Navision version 2016 or 2017. Before you start with the installation, please make sure the following pre-requisites are met:

Navision server(s)

Azure AD

  • Credentials of an Azure AD Global Admin account.
  • Create an Azure AD group to control access.
  • Create an Azure AD test user.


SSO: Azure AD & Jenkins

Lately I have configured a lot of Single Sign On (SSO) connections between various applications and Azure Active Directory. Azure Active Directory supports the most common applications out of the box. For this type of application, the federation is preconfigured and it just requires some tenant-specific entries to get things working. The steps to configure this are well documented at this location.

Some applications require more advanced steps to enable a federation. In this post I will guide you through the setup of a federation for the Jenkins application.

Prerequisites

The setup of the Jenkins Single Sign On configuration requires the following components in the Jenkins and Azure AD configuration:

Azure AD configuration

First we start with the setup of an Azure AD application context. …