Azure Identity And Access Management Part 33 – Azure Active Directory – Application Management 2 – Integrate SaaS Application

Hello Friends,

Hope you all are doing good !!!

In our previous articles we have discussed about Overview of Application Management with Azure AD. Today in this article, we will continue with the same topic and discuss, how to integrate a SaaS application with Azure AD.

If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.

Part 1 – Azure Active Directory – Overview

Part 2 – Azure Active Directory – Enterprise Users

Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell

• *
• *
• *

Part 25 – Azure Active Directory – Identity Governance

Part 26 – Azure Active Directory – Domain Service ( Azure AD-DS) 1 – Overview

Part 27 – Azure Active Directory – Domain Service ( Azure AD DS) 2 – Configure An Azure AD DS Managed Domain

Part 28 – Azure Active Directory – Domain Service ( Azure AD-DS) 3 – Join Windows Server VM To An Azure AD DS Managed Domain

Part 29 – Azure Active Directory – Domain Service ( Azure AD-DS) 4 – Install Management Tools In A Domain Joined VM

Part 30 – Azure Active Directory – Domain Service ( Azure AD-DS) 5 – Create An Organizational Unit (OU)

Part 31 – Azure Active Directory – Domain Service ( Azure AD-DS) 6 – Manage Group Policy Object (GPO)

Part 32 – Azure Active Directory – Application Management 1 – Overview

Next Article : Part 34 – Azure Active Directory – Application Management 3 – SSO Configuration For SaaS Application

Manage Applications In Azure AD :

As we discussed in our previous article that, Azure AD is taking a major part in providing cloud solution to manage identity service and providing claim service as a claim provider for many applications and for thousands of users in organizations .There are following three options available to manage different types of applications in Azure AD.

• App Registrations
• Application proxy
• Enterprise Applications

In this article we will go with the first option Enterprise Application. So click on Enterprise application link from left side of Azure Active Directory landing page as showing in the above figure. It will list all the applications which pre-configured with the Azure AD as showing in the following figure. We can filter application from the list by using the filter drop-downs or we can also search a particular application by providing a name in search box.

In the next step, if we want to add \ integrate a new application, we need to click on +New Application button as shown in the above figure. In turn it will take us to new page, where we can see different options as showing in he following figure.

As shown in the above figure, the source of the applications divided into two different categories .One is Add our own application, for which there are following three options to support.

• Application you're developing : Register an app we’re working on to integrate it with Azure AD. It is pointing to the same option (App Registration), we mentioned in above section.
• On-premises application : Configure Azure AD Application Proxy to enable secure remote access. It is pointing to the same option (Application proxy), we mentioned in above section.
• Non-gallery application : Integrate any other application that we don’t find in the gallery. If we are going to use SaaS application from other 3 party provider and which is not comes with default pre-configured applications.

And the other one is Add from the gallery. Today we will see how to configure a SaaS application from pre-configured application gallery.

Lab Exercises :

For our Lab , we will see how to configure YouTube SaaS application from pre-configured gallery. So let’s search the YouTube application as showing in the above figure.

Once we got the application, let’s click to configure and integrate with Azure AD as showing in the following figure. We can say it is as the pre-configured connector for YouTube application.

As we can see in the above figure, there are different options to configure for the application, as listed here

• Assign Users And Groups
• Provision User accounts
• Conditional Access
• Self Service
• Set Up Single Sign On ( SSO)

Let’s assign users or groups to newly added YouTube application. We have one MSTechs group and Uday Joshi ( uday@manasmoharanagmail .onmicrosoft.com) is one of the member of this group. We are going to assign this group as showing following figure.

As we can see in the following figure, assigned MSTechs group for he application.

Configure Single Sign On (SSO) :

Enabling single sign-on (SSO) across applications and Office 365 provides a best sign-in experience for users by reducing or eliminating sign-in prompts also it reduced the effort required for managing multiple user name and password.

There are several ways to configure an application for single sign-on. Choosing a single sign-on method depends on how the application is configured for authentication.

When configuring SSO for a Cloud application, following methods can be used.

• OpenID Connect
• OAuth
• SAML
• Password-Based
• Linked
• Disabled

When configuring SSO for a On-premise application, following methods can be used.

• Password-based
• Integrated Windows Authentication
• Header-based
• Linked
• Disabled

So when we are configuring SSO the available methods are varies from application to application. In this (YouTube) application following options are available. It is up-to organization, which method they want to adopt.

• SAML
• Password-Based
• Linked
• Disabled

As we can see in the above figure, SAML option need additional configuration from YouTube application provider. So, for this lab we are using Password-Based SSO.

To proceed with the configuration, lets click Single Sign On link from left side menu under Manage section. This will show all SSO methods available for this application as shown in the above figure.

As we discussed, click Password-Based method to proceed.We can see there is one Sign-on Url which is provided by application provider. Also we can change method by clicking Change single sign-on method button. click Save button to save the configuration.

we have assigned MSTechs group to the application and also Single sign-on configured for the application. Now lets go to My Apps portal ( myapplications.mocrosoft.com and login by Uday Joshi as a member of MSTechs group for testing the app we have just integrated and after login we can see now YouTube app available in the Myapps list.

Let’s do one more testing, and login to My Apps portal (myapplications .mocrosoft.com) by another user ‘Manas Global Admin‘ and after login as we can see in the following figure, YouTube app is not in his Myapps list because the ‘Manas Global Admin’ is not a member of MSTechs group.

Go back to Uday joshi’s My Apps portal and click YouTube app. It will ask to install the extension in the browser if the extension is not installed yet. Each browser has different way to install the extension. following figure showing, when installing extension for Google chrome browser.

Once successfully installed the extension, it will ask user’s credentials to access the application. User needs to provide this credential for the first time request. This pop up will not come for next subsequent requests and user can directly redirect to the correct application.

With the above information, we are concluding this article of Application Management series. I hope this is informative to you.

Next Article : Part 34 – Azure Active Directory – Application Management 3 – SSO Configuration For SaaS Application

As I am exploring the Azure Identity and Access Management (IAM) in a detail level specially with Azure Active Directory . Please let me know if I missed anything important or if my understanding is not up to the mark.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

Thanks for reading 🙂