Creating & Managing Microsoft Azure Active Directory Identities

Overview

In this guide, we will explore how to create and manage Azure AD identities (users and groups).

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources.

Objectives

By the end of this guide, you will have accomplished the following objectives:

  • Create and configure Azure AD users
  • Create Azure AD groups with assigned membership
  • Create Azure AD groups with dynamic membership
  • Create an Azure Active Directory (AD) tenant
  • Manage Azure AD guest users

Prerequisites

  • An Azure account with an active subscription. If you do not have one, you can create a free Azure account.

Task 1 - Create and configure Azure AD users

  1. Sign in to the Azure Portal.
  2. In the search bar, search for Azure Active Directory.
  3. On the settings blade, under the Manage section, select Users.
  4. Select your own user account to open its profile.
  5. Select Edit on the top bar.
  6. Set Usage location to United States and click Save to apply the change.

This is necessary in order to assign an Azure AD Premium P2 license to your user account.

  7. Navigate back to the Users page and add a new user by selecting + New User.
  8. Enter the following details (leave the others at their default values):

     Setting                     Value
     User name                   aad-user-01
     Name                        AAD User 01
     Let me create the password  True
     Initial password            @adU$3r01
     Usage location              United States
     Job title                   Cloud Administrator
     Department                  Engineering

  9. Select the newly created user AAD User 01 to open the profile.
  10. Note down the User Principal Name (UPN).
  11. In the Manage section, select Assigned roles. Add a new assignment using + Add assignments in the top bar.
  12. Assign the User administrator role to the user.
  13. Open a new private browser window and sign in to the Azure Portal as the newly created user. Make sure to use the UPN noted in step 10. On first sign-in you will be prompted to update the password; set a new password for the user.
  14. In the search bar, search for Azure Active Directory.

The new user has access to the Azure Active Directory tenant, but not to Azure resources: we have only granted access through an Azure AD role. Access to Azure resources is granted separately through Azure role-based access control (RBAC).

  15. On the settings blade, under the Manage section, select Users. We will add another user; select + New User.
  16. Enter the following details (leave the others at their default values):

     Setting                     Value
     User name                   aad-user-02
     Name                        AAD User 02
     Let me create the password  True
     Initial password            @adU$3r02
     Usage location              United States
     Job title                   Manager
     Department                  Operations

  17. Select the newly created user AAD User 02 to open the profile. Note down the User Principal Name (UPN).
  18. Sign out of the Azure Portal as the user AAD User 01.

Task 2 - Create Azure AD groups with assigned membership

  1. Return to the Azure Portal session where you signed in with the default user and go to Azure Active Directory.
  2. On the settings blade, under the Manage section, select Groups. We will create a new group; select + New Group and fill in the details:

     Setting            Value
     Group type         Security
     Group name         Engineering Administrators
     Group description  Administrators from engineering team
     Membership type    Assigned

  3. Click No members selected to add members to this group.
  4. Select AAD User 01 in the Add members blade.
  5. Finally, click Create to create the group.
  6. The new group has now been created. Click the group and select Members under the Manage section on the blade.
  7. You will see that AAD User 01 is now a member of the group.

Task 3 - Create Azure AD groups with dynamic membership

  1. Return to the Azure Active Directory overview page.

An Azure AD Premium P1 or P2 license is required to implement dynamic membership.

Learn more: Azure Active Directory pricing

  2. Select Licenses under the Manage section.
  3. Select All products under the Manage section.
  4. Select Try/Buy and activate the Azure AD Premium P2 free trial.
  5. Refresh the browser to verify that the activation was successful.
  6. Select the Azure Active Directory Premium P2 product and click + Assign.
  7. Under the Users and groups tab, select + Add users and groups. Add all three users, then click the Assignment options tab.
  8. Make sure all the assignments are turned on.
  9. Click Review + assign, and finally select Assign.
  10. Head back to the Azure Active Directory overview page and select Groups.
  11. Select + New Group; this time we will create a dynamic group. Fill in the details:

     Setting            Value
     Group type         Security
     Group name         Operations Manager
     Group description  Managers from Operations teams
     Membership type    Dynamic User

  12. Click Add dynamic query.
  13. Under Configure Rules, create a new rule with the following details:

     Setting   Value
     And/Or    (not applicable for the first rule)
     Property  jobTitle
     Operator  Equals
     Value     Manager

  14. Add another rule:

     Setting   Value
     And/Or    And
     Property  department
     Operator  Equals
     Value     Operations

  15. Click Save, then select Create to create the group.
  16. Select the newly created group Operations Manager, then select Members under the Manage section on the blade.
  17. You will see that AAD User 02 is now a member of the group, added dynamically by the rules we created.

Dynamic membership can take some time to be evaluated, so a delay here is expected. Wait a while and check again.

Task 4 - Create an Azure Active Directory (AD) tenant

  1. Return to the Azure Active Directory overview page.
  2. Click + Create a tenant. Choose Azure Active Directory as the tenant type and click Next: Configuration.
  3. Fill in the details:

     Setting              Value
     Organization name    Azure AD Test
     Initial domain name  any valid DNS name consisting of lower-case letters and digits and starting with a letter
     Country/Region       United States

  4. Click Review + Create and then Create. Wait for the tenant to be created.
  5. On successful creation, click the link Tenant creation was successful. Click here to navigate to your new tenant: Azure AD Test.

Task 5 - Manage Azure AD guest users

  1. In the Azure Portal, connected to the Azure AD Test tenant, select Users under the Manage section and create a new user using + New user.
  2. Fill in the details:

     Setting                     Value
     User name                   aad-test-user-01
     Name                        AAD Test User 01
     Let me create the password  enabled
     Initial password            @adT3$TU$3r02
     Job title                   Manager
     Department                  Operations

  3. Note down the UPN of the newly created user.
  4. Switch back to the default Azure AD tenant using Directory + Subscription in the Azure Portal toolbar.
  5. Select Users in the Manage section and select + New guest user. Fill in the details:

     Setting         Value
     Name            AAD Test User 01
     Email address   the User Principal Name you copied in step 3
     Usage location  United States
     Job title       Manager
     Department      Operations

  6. Click Invite.
  7. Select the newly created guest user. Go to Groups and check whether the user is a member of the Operations Manager group. This happens because of the dynamic membership rule we created in Task 3.
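To see why the guest from Task 5 lands in the Operations Manager group, here is an added Python example (not part of the original guide) that re-implements the two-row rule from Task 3 locally and runs it against constructed records for the three accounts. The userType clause in the stricter variant is an assumption added for illustration; Azure AD itself evaluates these rules server-side.

```python
"""Local evaluator for the Task 3 dynamic-membership rule (added example).

Re-implements the two-row query so its effect on each account can be
inspected offline; Azure AD evaluates the real rule server-side.
"""
import re

# Constructed records mirroring the accounts created in Tasks 1 and 5.
USERS = [
    {"displayName": "AAD User 01", "userType": "Member",
     "jobTitle": "Cloud Administrator", "department": "Engineering"},
    {"displayName": "AAD User 02", "userType": "Member",
     "jobTitle": "Manager", "department": "Operations"},
    {"displayName": "AAD Test User 01", "userType": "Guest",
     "jobTitle": "Manager", "department": "Operations"},
]

# The two rows entered in Task 3, written in the rule syntax the portal
# generates ("-and" joins the rows).
LAB_RULE = '(user.jobTitle -eq "Manager") -and (user.department -eq "Operations")'

# Stricter variant (an assumption for illustration, not from the guide):
# also require userType Member, so the guest invited in Task 5 stays out.
MEMBERS_ONLY_RULE = LAB_RULE + ' -and (user.userType -eq "Member")'

_CLAUSE = re.compile(r'\(user\.(\w+)\s+-(eq|ne)\s+"([^"]*)"\)')


def evaluate_rule(rule: str, user: dict) -> bool:
    """Return True if `user` satisfies every clause of `rule`.

    Supports only the subset used above: parenthesised
    (user.<property> -eq|-ne "<value>") clauses joined by -and.
    Values are compared as exact strings (a simplification of this toy).
    """
    clauses = _CLAUSE.findall(rule)
    # Fail closed on any syntax this evaluator does not understand.
    if _CLAUSE.sub("", rule).replace("-and", "").strip():
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    for prop, op, value in clauses:
        matched = user.get(prop, "") == value
        if matched != (op == "eq"):
            return False
    return True


def group_members(rule: str, users=USERS) -> list[str]:
    """Display names of the users the dynamic group would contain."""
    return [u["displayName"] for u in users if evaluate_rule(rule, u)]
```

Running `group_members(LAB_RULE)` returns both AAD User 02 and the guest, while `group_members(MEMBERS_ONLY_RULE)` returns only AAD User 02.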

Conclusion

You have created and managed users and groups in Azure Active Directory, learned about assigned and dynamic membership, and invited guest users to your tenant.