Skip to content

Knowledge Junction

Junction where Knowledge is the sovereign, where problem meet solution, technology get explored.. Office 365, Azure, SharePoint, SharePoint Online, PowerShell, Microsoft Graph, M365

  • Home
  • About Knowledge-Junction
  • Technologies
    • Office 365
    • Microsoft Graph
    • Python
    • Azure
    • C#
    • SQL Server
    • SharePoint
    • SharePoint 2019
    • .Net
    • PowerShell cmdlets
    • IIS
    • Tools
      • Eclipse
      • JavaScript Regions
    • Visual Studio Extensions
    • Java Script
    • Type Script
    • Azure
      • Azure Governance
      • Azure Blueprints
      • Management Group
      • Azure Identity And Access Management
      • Azure Networking
      • Azure Active Directory
      • SharePoint Online
      • Microsoft Azure
  • Certification
    • Office 365 : 70-347 : Enabling Office 365 Services
    • 70-532: Developing Microsoft Azure Solutions
    • AZ-103: Microsoft Azure Administrator
    • AZ-900 MICROSOFT AZURE FUNDAMENTALS
    • M365 Certifications
      • Office 365 : 70-347 : Enabling Office 365 Services
      • M365 : MS-900 : Microsoft 365 Fundamentals
    • PL-900: Microsoft Certified Power Platform Fundamentals

Azure Identity And Access Management Part 33 – Azure Active Directory – Application Management 2 – Integrate SaaS Application

August 9, 2020September 1, 2020 ~ Manas Ranjan Moharana

Hello Friends,

Hope you all are doing good !!!

In our previous articles we have discussed about Overview of Application Management with Azure AD. Today in this article, we will continue with the same topic and discuss, how to integrate a SaaS application with Azure AD.

If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.

Part 1 – Azure Active Directory – Overview

Part 2 – Azure Active Directory – Enterprise Users

Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell

  • *
  • *
  • *

Part 25 – Azure Active Directory – Identity Governance

Part 26 – Azure Active Directory – Domain Service ( Azure AD-DS) 1 – Overview

Part 27 – Azure Active Directory – Domain Service ( Azure AD DS) 2 – Configure An Azure AD DS Managed Domain

Part 28 – Azure Active Directory – Domain Service ( Azure AD-DS) 3 – Join Windows Server VM To An Azure AD DS Managed Domain

Part 29 – Azure Active Directory – Domain Service ( Azure AD-DS) 4 – Install Management Tools In A Domain Joined VM

Part 30 – Azure Active Directory – Domain Service ( Azure AD-DS) 5 – Create An Organizational Unit (OU)

Part 31 – Azure Active Directory – Domain Service ( Azure AD-DS) 6 – Manage Group Policy Object (GPO)

Part 32 – Azure Active Directory – Application Management 1 – Overview

Next Article : Part 34 – Azure Active Directory – Application Management 3 – SSO Configuration For SaaS Application

Manage Applications In Azure AD :

As we discussed in our previous article that, Azure AD is taking a major part in providing cloud solution to manage identity service and providing claim service as a claim provider for many applications and for thousands of users in organizations .There are following three options available to manage different types of applications in Azure AD.

  • App Registrations
  • Application proxy
  • Enterprise Applications
Figure 1 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Azrue AD

In this article we will go with the first option Enterprise Application. So click on Enterprise application link from left side of Azure Active Directory landing page as showing in the above figure. It will list all the applications which pre-configured with the Azure AD as showing in the following figure. We can filter application from the list by using the filter drop-downs or we can also search a particular application by providing a name in search box.

Figure 2 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Enterprise Application

In the next step, if we want to add \ integrate a new application, we need to click on +New Application button as shown in the above figure. In turn it will take us to new page, where we can see different options as showing in he following figure.

Figure 3 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Add New Application

As shown in the above figure, the source of the applications divided into two different categories .One is Add our own application, for which there are following three options to support.

  • Application you're developing : Register an app we’re working on to integrate it with Azure AD. It is pointing to the same option (App Registration), we mentioned in above section.
  • On-premises application : Configure Azure AD Application Proxy to enable secure remote access. It is pointing to the same option (Application proxy), we mentioned in above section.
  • Non-gallery application : Integrate any other application that we don’t find in the gallery. If we are going to use SaaS application from other 3 party provider and which is not comes with default pre-configured applications.

And the other one is Add from the gallery. Today we will see how to configure a SaaS application from pre-configured application gallery.

Lab Exercises :

For our Lab , we will see how to configure YouTube SaaS application from pre-configured gallery. So let’s search the YouTube application as showing in the above figure.

Once we got the application, let’s click to configure and integrate with Azure AD as showing in the following figure. We can say it is as the pre-configured connector for YouTube application.

Figure 4 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Integrate YouTube App

As we can see in the above figure, there are different options to configure for the application, as listed here

  • Assign Users And Groups
  • Provision User accounts
  • Conditional Access
  • Self Service
  • Set Up Single Sign On ( SSO)

Let’s assign users or groups to newly added YouTube application. We have one MSTechs group and Uday Joshi ( uday@manasmoharanagmail .onmicrosoft.com) is one of the member of this group. We are going to assign this group as showing following figure.

Figure 5 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – MSTechs Group
Figure 6 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Member of MSTechs Group

As we can see in the following figure, assigned MSTechs group for he application.

Figure 7 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Assigned User and Group

Configure Single Sign On (SSO) :

Enabling single sign-on (SSO) across applications and Office 365 provides a best sign-in experience for users by reducing or eliminating sign-in prompts also it reduced the effort required for managing multiple user name and password.

There are several ways to configure an application for single sign-on. Choosing a single sign-on method depends on how the application is configured for authentication.

When configuring SSO for a Cloud application, following methods can be used.

  • OpenID Connect
  • OAuth
  • SAML
  • Password-Based
  • Linked
  • Disabled

When configuring SSO for a On-premise application, following methods can be used.

  • Password-based
  • Integrated Windows Authentication
  • Header-based
  • Linked
  • Disabled

So when we are configuring SSO the available methods are varies from application to application. In this (YouTube) application following options are available. It is up-to organization, which method they want to adopt.

  • SAML
  • Password-Based
  • Linked
  • Disabled
Figure 8 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Single Sign-On Methods

As we can see in the above figure, SAML option need additional configuration from YouTube application provider. So, for this lab we are using Password-Based SSO.

To proceed with the configuration, lets click Single Sign On link from left side menu under Manage section. This will show all SSO methods available for this application as shown in the above figure.

As we discussed, click Password-Based method to proceed.We can see there is one Sign-on Url which is provided by application provider. Also we can change method by clicking Change single sign-on method button. click Save button to save the configuration.

Figure 9 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Configure Password Based

we have assigned MSTechs group to the application and also Single sign-on configured for the application. Now lets go to My Apps portal ( myapplications.mocrosoft.com and login by Uday Joshi as a member of MSTechs group for testing the app we have just integrated and after login we can see now YouTube app available in the Myapps list.

Figure 10 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – YouTube App Added

Let’s do one more testing, and login to My Apps portal (myapplications .mocrosoft.com) by another user ‘Manas Global Admin‘ and after login as we can see in the following figure, YouTube app is not in his Myapps list because the ‘Manas Global Admin’ is not a member of MSTechs group.

Figure 11 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – No YouTube App

Go back to Uday joshi’s My Apps portal and click YouTube app. It will ask to install the extension in the browser if the extension is not installed yet. Each browser has different way to install the extension. following figure showing, when installing extension for Google chrome browser.

Figure 12 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Install Extension
Figure 13 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Installed Extension

Once successfully installed the extension, it will ask user’s credentials to access the application. User needs to provide this credential for the first time request. This pop up will not come for next subsequent requests and user can directly redirect to the correct application.

Figure 14 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – User Credential
Figure 15 – Azure Identity and Access Management -IAM-Azure Active Directory – Application Management – Loading YouTube App

With the above information, we are concluding this article of Application Management series. I hope this is informative to you.

Next Article : Part 34 – Azure Active Directory – Application Management 3 – SSO Configuration For SaaS Application

As I am exploring the Azure Identity and Access Management (IAM) in a detail level specially with Azure Active Directory . Please let me know if I missed anything important or if my understanding is not up to the mark.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

Thanks for reading 🙂

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • WhatsApp
  • Email
  • Print

Like this:

Like Loading...

Related Articles

Posted in AZ-103: Microsoft Azure Administrator, AZ-104: Microsoft Azure Administrator, Azure, Azure Active Directory, Azure Governance, Azure Identity And Access Management, Cloud, M365, Microsoft Azure, Office 365, SharePoint Online, SharePoint Online, Technologies ADDSApplication ManagementAZ-103: Microsoft Azure AdministratorAZ-300: Microsoft Azure Architect TechnologiesAZ-301: Microsoft Azure Architect DesignAZ-303: Azure Solutions ArchitectAZ-500: Microsoft Azure Security TechnologiesAzur Custom RoleAzureAzure Active DirectoryAzure Active Directory Custom RoleAzure Active Directory featuresAzure Active Directory pricingAzure AD Access ReviewAzure AD AuthenticationAzure AD DeviceAzure AD Device IdentityAzure AD Device Identity Management. Azure AD JoinedAzure AD Domain ServiceAzure AD DSAzure AD Entitlement ManagementAzure AD Google Federation for B2B userAzure AD Identity GovernanceAzure AD Identity ProtectionAzure AD PIMAzure AD Privileged Identity Management (PIM)Azure AD registeredAzure AD Schema extensionAzure Identity And Access ManagementAzure MFAAzure RBACAzure Role AssignmentAzure Role-Based Access Control (RBAC)Bulk Update Azure AD user profilesBusiness-to-Business (B2B)Custom Role AssignmentDevice ManagementDirectory schema extensionsDomain JoinDomain servicesEmail one-time passcodeEntitlement Management Access PackageExam AZ-104: Microsoft Azure AdministratorExtension AttributeGuest UserHybrid Azure AD joinedMulti-Factor Authentication (MFA) For Guest UserPrivileged identity management (PIM)Register Azure AD UserRisk Detection ReportRisk Sign-in ReportRisk User ReportSelf-Service Password Reset (SSPR)Sign-in risk PolicySync Password HashesTerms Of UseUser risk policy

Published by Manas Ranjan Moharana

Around 11+ years of total IT experience and since last 10 years working on almost on all version of SharePoint .Interested in learning and sharing something new to be helthy. View all posts by Manas Ranjan Moharana

Post navigation

‹ PreviousAzure – What is Azure and Where to start – Getting started with Azure
Next ›Containerisation – Brief Introduction

4 thoughts on “Azure Identity And Access Management Part 33 – Azure Active Directory – Application Management 2 – Integrate SaaS Application”

  1. kanjuspua says:
    August 10, 2020 at 5:13 am

    good

    Loading...
    Log in to Reply
  2. Pingback: Azure Identity And Access Management Part 34 – Azure Active Directory – Application Management 3 – SSO Configuration For SaaS Application | Knowledge Junction
  3. Pingback: Azure Identity And Access Management Part 37 – Azure Active Directory – Plan Authentication With Azure AD | Knowledge Junction
  4. Pingback: Learn Basic Of Azure Active Directory And Azure Identity And Access Management In 100 Hours | Knowledge Junction

You must log in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 322 other subscribers

Top Posts & Pages

  • Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user
    Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user
  • M365 - SharePoint Online - CSOM - Getting SharePoint client context using PnP.Framework in .NET Core application
    M365 - SharePoint Online - CSOM - Getting SharePoint client context using PnP.Framework in .NET Core application
  • GIT : Visual Studio 2019 – resolved the issue – Git failed with a fatal error. could not read Username for ‘https://.visualstudio.com’: terminal prompts disabled? OR Error encountered while cloning the remote repository: Installation
    GIT : Visual Studio 2019 – resolved the issue – Git failed with a fatal error. could not read Username for ‘https://.visualstudio.com’: terminal prompts disabled? OR Error encountered while cloning the remote repository: Installation
  • GIT : Visual Studio 2017 - resolved the issue - Git failed with a fatal error. could not read Username for 'https://.visualstudio.com': terminal prompts disabled?
    GIT : Visual Studio 2017 - resolved the issue - Git failed with a fatal error. could not read Username for 'https://.visualstudio.com': terminal prompts disabled?
  • Automatically download Outlook attachments
    Automatically download Outlook attachments

Recent Posts

  • M365 – SharePoint Online – CSOM – Getting SharePoint client context using PnP.Framework in .NET Core application January 25, 2021
  • Microsoft Teams : Integrating with Service Now – Part 4 – Teams action – For a selected message – Taking user input using Adaptive Card and creating new incident in ServiceNow January 20, 2021
  • E-commerce Series – Part 8 January 17, 2021
  • E-commerce Series – Part 7 January 16, 2021
  • Microsoft Teams : Integrating with Service Now – Part 3 – Posting back ServiceNow incident number to user (to whom ticket is assigned) January 12, 2021

Follow us on Twitter

My Tweets

Hits

  • 327,368 total visitors

Our events

Articles by Author

  • 1 Yogesh Meher
  • 1 Mayur Gaikawad
  • 1 GAURAV KAWADIWALE
  • 1 Prasham Sabadra
  • 1 Kirtiranjan Moharana
  • 1 Kunal Lunkad
  • 1 Manas Ranjan Moharana
  • 1 Sanket Modi
  • 1 yogesh narayan ojha
  • 1 Prasad Pathak
  • 1 Robin (Ajay) Robert
  • 1 RohitSp
  • 1 Snehal Sabadra
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
%d bloggers like this: