Groups Azure AD

Group management has been implemented in Azure AD; this feature makes it easier to administer access to resources. These resources may be local (present in the Azure Active Directory) or external (SharePoint site, SaaS application, …). Access to a resource can be granted in several ways:

  • Direct assignment: the owner of the resource gives access to the resource. This solution weighs down daily administration.
  • Group membership: to facilitate the management of access rights to a resource, a security group can be added to the resource. Users are added to this group and thereby obtain access to the resource.
  • Rule-based: the resource owner can create a rule that dynamically defines which users have access to the resource. To do this, the rule uses a user attribute and sets a value for it. When the user's attribute has the correct value, access to the resource is granted.
  • External authority: access is granted to a group synchronized from an external source (Active Directory, for example). So the resource is accessed from the on-premises directory.
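The four access paths above can be reviewed together by resolving, for each user, every path that currently grants access to a resource. The following is an added example, not code from the original page and not an Azure AD API: it is a simplified in-memory model, and the names G-Marketing, G-OnPrem, the department attribute and the sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)  # users added by hand
    rule: tuple = None         # (attribute, value) for a rule-based group
    synced_from: str = None    # external authority, e.g. on-premises AD

@dataclass
class Resource:
    name: str
    direct_users: set = field(default_factory=set)
    groups: list = field(default_factory=list)

def group_members(group, users):
    """Members of a group: assigned users plus users matching its rule."""
    members = set(group.members)
    if group.rule:
        attr, value = group.rule
        members |= {u for u, attrs in users.items() if attrs.get(attr) == value}
    return members

def access_paths(resource, users):
    """Map each user who can reach the resource to every path granting it."""
    paths = {}
    for u in resource.direct_users:
        paths.setdefault(u, []).append("direct")
    for g in resource.groups:
        kind = (f"external:{g.synced_from}" if g.synced_from else
                f"rule:{g.rule[0]}={g.rule[1]}" if g.rule else f"group:{g.name}")
        for u in sorted(group_members(g, users)):
            paths.setdefault(u, []).append(kind)
    return paths

# Constructed sample data (hypothetical users, attribute and groups)
USERS = {"user1": {"department": "Marketing"}, "user2": {"department": "Sales"},
         "user3": {"department": "Marketing"}}
RESOURCE = Resource("SharePoint-site", direct_users={"user2"}, groups=[
    Group("G-Facebook", members={"user3"}),
    Group("G-Marketing", rule=("department", "Marketing")),
    Group("G-OnPrem", members={"user2"}, synced_from="Active Directory"),
])

if __name__ == "__main__":
    for user, how in sorted(access_paths(RESOURCE, USERS).items()):
        print(user, "->", ", ".join(how))
```

A user listed with more than one path keeps access when only one of those paths is revoked, which is the case an access review has to catch.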

How to implement groups in Azure

To implement groups in Azure, go to the Azure AD directory, and then click the Groups tab. Click Add a group.

Enter the name of the Group and a description, and then click Validate.

The group is present in Azure.

Click the group and, in Members, click Add members.

Select users and then validate the selection.

The users have been properly added to the group.

Delegation operation

Before you can delegate operation to a group, the feature must be activated.
In the Azure portal, select the Azure AD directory, then click the Configure tab.

In group management, enable the groups with delegation management setting by clicking Yes.

Enable the setting that lets users create security groups by clicking Yes. Click Save to commit the change. Select the group that must be delegated, and then click the Owners tab. Click the Add owners link.

Select a user with no administrator rights, then confirm your choice.

The user is present in the list of owners.

Using a Web browser, go to the URL http://myapps.microsoft.com.

Enter the account of the group owner in the fields, and then click Connect.

In the window that appears, click Groups.

Click the group that appears; the user can see the members of the group and also modify it.

The user can change the group because he is the owner. Click Edit, then in the Group Policy drop-down list, select This group requires owner approval.

Click Update. It is therefore very easy to delegate the management of these groups to one or more users. Create the group G-Twitter and give it a different owner from the previous group.

Go back to http://myapps.microsoft.com and log in with the account of the owner of the G-Twitter group.
Only the group of which the user is a member appears.

In the drop-down list select All to view all Azure Active Directory groups.

Click the G-Facebook group; its properties appear. Click Join group to send the request to the owner of the group.

Enter the desired justification then click on Request.

Click Approvals and then select My Requests in the list box. The request appears.

Sign out, then sign in as user1@inyourcloud.fr. Click Approvals and select the request awaiting approval. Click Approve to approve the request.

Click Yes to validate the approval. By reconnecting as User3@inyourcloud.fr, you can see that the user is now a member of the group.

Users can thus request access to an application more easily.
