Azure AD Groups

Groups on Azure AD

Azure AD includes group management, a feature that makes it easier to administer access to resources. These resources may be local (present in Azure Active Directory) or external (SharePoint site, SaaS application,…). Access to a resource can be granted in several ways:

  • Direct assignment: the owner of the resource gives access to the resource directly. This solution weighs down daily administration.
  • Group membership: to simplify the management of access rights to a resource, a security group can be added to the resource. Users are added to the group and thereby receive access to the resource.
  • Rule-based: the resource owner can create a rule that dynamically defines which users have access to the resource. The rule is built from user attributes and an expected value. When a user's attribute has the correct value, access to the resource is granted.
  • External authority: access is granted to a group synchronized from an external authority (Active Directory, for example). The resource is therefore accessed through the on-premises directory.

How to implement groups in Azure

To implement groups in Azure, open the Azure AD directory, then click the Groups tab. Click Add a group.

Enter the name of the Group and a description, and then click Validate.

Enter information about group Azure AD

The group is present in Azure.

Groups Azure AD has been created

Click the group and, under Members, click Add members.

Add member on Groups

Select users and then validate the selection.

The users have been properly added to the group.

Delegation operation

Before you can delegate the management of a group, the feature must be enabled.
In the Azure portal, select the Azure AD directory, then click the Configure tab.

In the group management section, enable the delegated group management setting by clicking Yes.

Configure Groups

Enable the setting Users can create security groups by clicking Yes. Click Save to commit the change.

Select the group that must be delegated, then click the Owners tab. Click the Add owners link.

Add Owner

Select a user without administrator rights, then confirm your choice.

The user is present in the list of owners.

Using a Web browser, go to the URL

Enter the group owner's account in the fields, then click Connect.

In the window that appears, click groups.

Select Groups

Click the group that appears. The user can see the members of the group and can also modify them, because the user is the owner of the group. Click Edit, then in the Group Policy drop-down list, select This group requires owner approval. Click Update. It is therefore very easy to delegate the management of these groups to one or more users.

Create the group G-Twitter and give it a different owner from the previous group.

Update Groups

Go back to the URL and log in with the account that owns the group G-Twitter.
Only the group of which the user is a member appears.

In the drop-down list select All to view all Azure Active Directory groups.

Application appear

Click the group G-Facebook; its properties appear. Click Join group to send the request to the owner of the group.

Access to the application

Enter the desired justification then click on Request.

Request access

Click Approvals, then select My Requests in the list box. The request appears.

Request access to the application

Sign out, then sign in as the owner of the group. Click Approvals and select the request to approve. Click Approve to approve the request.

Click Yes to confirm the approval. After signing back in as the requesting user, you can see that the user is now a member of the group.

Access to application

With this in place, users can request access to an application more easily.
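
Once management is delegated, it helps to review regularly who owns which group and how each group gets its members. The following is an added example, not part of the original article: it classifies groups by the membership models listed at the top of the page and reports groups delegated to non-administrator owners. The sample data is constructed, its field names follow the Microsoft Graph group resource, and the ADMINS set and every group name other than G-Facebook and G-Twitter are assumptions.

```python
# Constructed sample: field names follow the Microsoft Graph "group" resource
# with owners expanded. Only G-Facebook and G-Twitter come from the article.
GROUPS = [
    {"displayName": "G-Facebook", "groupTypes": [],
     "owners": [{"userPrincipalName": "alice@example.com"}]},
    {"displayName": "G-Twitter", "groupTypes": [],
     "owners": [{"userPrincipalName": "bob@example.com"}]},
    {"displayName": "G-Sales", "groupTypes": ["DynamicMembership"],
     "membershipRule": 'user.department -eq "Sales"',
     "owners": [{"userPrincipalName": "admin@example.com"}]},
    {"displayName": "G-Finance", "groupTypes": [],
     "onPremisesSyncEnabled": True, "owners": []},
    {"displayName": "G-Orphan", "groupTypes": [], "owners": []},
]
ADMINS = {"admin@example.com"}  # assumption: accounts holding an admin role


def membership_source(group):
    """Classify a group by the membership models listed in the article."""
    if group.get("onPremisesSyncEnabled"):
        return "external authority"
    if "DynamicMembership" in (group.get("groupTypes") or []):
        return "rule-based"
    return "assigned"


def audit(groups, admins):
    """Return (group, source, finding) tuples worth a reviewer's attention."""
    findings = []
    for g in groups:
        name, source = g["displayName"], membership_source(g)
        owners = {o["userPrincipalName"].lower() for o in g.get("owners") or []}
        delegated = sorted(owners - admins)
        if delegated:
            findings.append((name, source, "delegated to " + ", ".join(delegated)))
        if source == "rule-based":
            findings.append((name, source, "rule: " + g["membershipRule"]))
        elif source == "external authority":
            findings.append((name, source, "membership managed on-premises"))
        elif not owners:
            findings.append((name, source, "no owner assigned"))
    return findings


if __name__ == "__main__":
    for row in audit(GROUPS, ADMINS):
        print("%-12s %-18s %s" % row)
```

For a rule-based group, the reported rule shows which user attribute decides access, so the accounts able to edit that attribute belong in the same review.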
