SSO: Azure AD & Dynamics Navision

Just another post in this blog series on how to set up Single Sign On with Azure Active Directory. This time: Dynamics Navision.

Microsoft offers some guidance on how to configure Single Sign On for Dynamics Navision, but in my experience it requires some investigation to set things up, especially if you want to automate things for later use. Which is why I’m writing this post.

Pre-requisites

This guide can be used for Dynamics Navision version 2016 or 2017. Before you start with the installation, please make sure the following pre-requisites are met:

Navision server(s)

Azure AD

  • Credentials of an Azure AD Global Admin account.
  • Create an Azure AD group to control access.
  • Create an Azure AD test user.


SSO: Azure AD & Jenkins

Lately I have configured a lot of Single Sign On (SSO) connections between various applications and Azure Active Directory. Azure Active Directory supports the most common applications out of the box. For these types of applications, the federation is preconfigured and it just requires some tenant-specific entries to get things working. The steps to configure this are well documented at this location.

Some applications require more advanced steps to enable a federation. In this post I will guide you through the setup of a federation for the Jenkins application.

Prerequisites

The setup of the Jenkins Single Sign On configuration requires the following components in the Jenkins and Azure AD configuration:

Azure AD configuration

First we start with the setup of an Azure AD application context. …

RBAC model for Azure AD

A lot of companies are struggling with the setup of an RBAC model that fits their organisation. When adopting more Cloud services, it becomes even more challenging. Azure subscriptions, resource groups, databases and key vaults are just some examples. We also connect SaaS and other applications to the directory, which are accessible via the Access Panel (myapps.microsoft.com). What is the best approach using Azure AD groups? …

An AWS CICD Release pipeline on VSTS.

Infrastructure as Code is one of the many practices teams use to fulfill the needs of modern systems. Provisioning resources for systems in an automated, versioned way also supports the need for consistent environments across different stages of system development, making it much more comfortable to develop, validate and test systems.

Keep development, staging, and production as similar as possible.
See also the Dev/prod parity practice of the 12 factor methodology.

The principles of a pipeline also apply to pipelines that provision infrastructure. The artifacts should be versioned, validated, automated and more; see pipelines principles.

Visual Studio Team Services and Amazon AWS

VSTS covers many needs for teams and pipelines out of the box. VSTS is optimized for releasing systems and provisioning environments on Azure, with many out-of-the-box capabilities that speed up teams. …

B2B or B2C?

Microsoft released the Azure AD B2B and B2C services last year. The main goal of both services is to give enterprises the ability to grant “external” accounts access to their services. There is, however, a major difference in the use of these services. Business to Business (B2B) is mainly focussed on collaboration between two different companies, so people can interact and work together with, for example, the same application or within the same project. Business to Consumer (B2C) is meant for the enterprise’s end-customers, granting them the ability to log in using a single IdP (or your Social ID) to access the company’s services. Buying something online in a web shop or downloading an invoice on the personal page of your magazine subscription are some examples of a typical B2C scenario.

The table shown below provides some guidance on how to identify the correct scenario:


In my experience there is also a grey area in which the characteristics do not exactly match one of the scenarios shown above. Think about scenarios in which an enterprise is the end-customer of a certain service the other enterprise delivers. For example, an energy company which delivers an online service to other companies to provide insights into the electricity usage of the buildings the company owns. This brings challenges like: how can we assign a customer administrator role with privileges to invite other people within their company? This is more like a B2B feature in a B2C scenario. Let’s see what the future will bring for these types of scenarios. For now, it requires some creative solutioning using the B2C service…