Introduction to Azure Active Directory
Azure Active Directory
Azure Active Directory, or AAD, often referred to as a tenant, is used to manage access to Microsoft SaaS products such as Office 365 and to integrate with third-party services such as Salesforce, Box, or SAP.
The figure below describes the connection between Azure AD and other SaaS products.
It is also used to grant access to Azure users, customers, and providers based on the roles and policies defined in AAD.
To get started with AAD, sign up for a free Azure subscription at azure.microsoft.com/en-us/free. Once you log in to the Azure portal, you will see your tenant name in the browser as *.onmicrosoft.com, where * is the name of your AAD.
There are four editions of Azure Active Directory.
- Free Edition
- Basic Edition
- Premium P1 Edition
- Premium P2 Edition
Single sign-on (SSO), AAD Connect and self-service password reset are available in all editions.
The details of AAD features per edition are shown below.
When we create an AAD user in the portal, we have the following three options:
- User: the basic user type, with limited access to most directory resources.
- Global Administrator: the credential originally used to create the Azure subscription is created as a Global Administrator. This role has full administrative access to every feature in AAD.
- Limited Administrator: used to grant a non-global administrative role to a user, such as Application Administrator, Helpdesk Administrator, Service Administrator, and about 30 other built-in roles.
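As an added example that is not part of the original page, the following Python script applies the least-privilege idea behind the Limited Administrator roles: it reviews a constructed, placeholder role-membership listing (the contoso tenant, the account names and the limit of three Global Administrators are all assumptions) and flags a tenant with too many Global Administrators, or a Global Administrator who also holds a limited role and could probably be downgraded to it.

```python
"""Least-privilege review of Azure AD directory-role membership.

Added example, not from the original page. It runs offline on a constructed
sample; every tenant, domain, name and threshold here is a placeholder.
"""
from collections import defaultdict

GLOBAL_ADMIN = "Global Administrator"
MAX_GLOBAL_ADMINS = 3  # assumed organisational limit, not an Azure AD default

# Constructed sample: which accounts hold which built-in role in a demo tenant.
SAMPLE_ROLE_MEMBERS = {
    GLOBAL_ADMIN: ["alice@contoso.com", "bob@contoso.com", "carol@contoso.com",
                   "breakglass@contoso.onmicrosoft.com"],
    "Application Administrator": ["alice@contoso.com"],
    "Helpdesk Administrator": ["dave@contoso.com"],
}


def review_roles(role_members, max_global_admins=MAX_GLOBAL_ADMINS):
    """Return a list of findings; an empty list means nothing was flagged.

    Check 1: more Global Administrators than the agreed limit.
    Check 2: a Global Administrator who also holds a limited role, which
             suggests the limited role alone may be enough for that person.
    """
    findings = []
    global_admins = role_members.get(GLOBAL_ADMIN, [])
    if len(global_admins) > max_global_admins:
        findings.append(f"{len(global_admins)} Global Administrators exceed "
                        f"the limit of {max_global_admins}")
    roles_by_user = defaultdict(set)
    for role, members in role_members.items():
        for member in members:
            roles_by_user[member.lower()].add(role)  # UPNs are case-insensitive
    for user, roles in sorted(roles_by_user.items()):
        if GLOBAL_ADMIN in roles and len(roles) > 1:
            limited = sorted(roles - {GLOBAL_ADMIN})
            findings.append(f"{user} is Global Administrator but also holds "
                            f"{limited}; consider granting only the limited role")
    return findings


if __name__ == "__main__":
    for finding in review_roles(SAMPLE_ROLE_MEMBERS):
        print("FINDING:", finding)
```

On a real tenant the role-member listing would come from the portal or Microsoft Graph rather than the constructed dictionary; the review logic stays the same.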
If a customer wants to use its own organization domain name instead of onmicrosoft.com, it must first add the custom domain to Azure AD. Once the domain has been added, you can create users with your custom domain name, such as email@example.com; otherwise you can only create users with the default Azure AD tenant name, user@*.onmicrosoft.com, where * is the name of your tenant.
When you sign in with one of the newly created users, the account will not be able to create any Azure resources, because it is not linked to any subscription. To link the account to a subscription, go to the Subscriptions blade, which lists the subscriptions linked to your account. If the user clicks the + Add button, they can create their own subscription, which allows them to create Azure resources.
AAD Connect is used to create a hybrid identity solution between on-premises Active Directory and Azure Active Directory.
AAD Connect configures Azure so that users with an on-premises AD account can access Azure resources. It handles synchronization, which creates in the cloud the directory objects, such as users, devices, and groups, that exist in your on-premises AD.