SSO: Azure AD & Jenkins

Lately I have configured a lot of Single Sign On (SSO) connections between various applications and Azure Active Directory. Azure Active Directory supports the most common applications out of the box. For these types of applications, the federation is preconfigured and it just requires some tenant-specific entries to get things working. The steps to configure this are well documented at this location.

Some applications require more advanced steps to enable a federation. In this post I will guide you through the setup of a federation for the Jenkins application.

Prerequisites

The setup of the Jenkins Single Sign On configuration requires the following components in the Jenkins and Azure AD configuration:

Azure AD configuration

First we start with the setup of an Azure AD application context. … Read more…

RBAC model for Azure AD

A lot of companies are struggling with the setup of an RBAC model which fits their organisation. It becomes even more challenging when adopting more cloud services. Azure subscriptions, resource groups, databases and key vaults are just some examples. Also, we connect SaaS and other applications to the directory which are accessible via the Access Panel (myapps.microsoft.com). What is the best approach using Azure AD groups? … Read more…

B2B or B2C?

Microsoft released the Azure AD B2B and B2C services last year. The main goal of both services is to provide enterprises the ability to grant “external” accounts access to their services. There is, however, a major difference in the use of these services. Business to Business (B2B) is mainly focussed on collaboration between two different companies, so people can interact and work together with, for example, the same application or within the same project. Business to Consumer (B2C) is meant for the enterprise’s end-customer, granting the ability to log in using a single IdP (or your Social ID) to access the company’s services. Buying something online in a web shop or downloading an invoice on the personal page of your magazine subscription are some examples of a typical B2C scenario.

The table shown below provides some guidance on how to identify the correct scenario:

[Image: table of B2B and B2C scenario characteristics]

In my experience there is also a grey area in which the characteristics do not exactly match one of the scenarios shown above. Think about scenarios in which an enterprise is the end-customer of a certain service the other enterprise delivers. For example, an energy company which delivers an online service to other companies to provide insights into the electricity usage of the buildings the company owns. This brings challenges like how can we assign a customer administrator role with privileges to invite other people within their company? This is more like a B2B feature in a B2C scenario. Let’s see what the future will bring for these types of scenarios. For now, it requires some creative solutioning using the B2C service….

Hybrid identity update: Pass-Through Authentication and Seamless Single Sign On

They were among the main announcements from Ignite 2016, and now the functionalities are finally here: Pass-Through Authentication and Single Sign On. These features are added to the latest Azure AD Connect release and are considered a huge game changer in Hybrid Identity scenarios. In this post, I will elaborate on these two new features and I will also answer the question: Is ADFS a deprecated type of scenario for a hybrid identity setup? … Read more…

Access Control using Azure Active Directory

As your organization adopts more and more different cloud applications, the need for management and controls becomes crucial. Azure Active Directory offers a wide set of features to support these scenarios. Some of the primary functionalities, like account management, Multi-Factor Authentication and Federation support, cover most of the needs on the authentication level and are common practice nowadays. When it comes to controlling and granting access to applications, or managing authorization in a cloud scenario and integrating with your environment, it suddenly starts to be a little bit blurry. This post will give a brief overview of the key Azure Active Directory Access Control features and it will provide a practice for combining these features which will help IT organizations to manage and service their organization in an efficient and compliant way. … Read more…