Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I would like to synchronise Azure AD users with my custom home-grown user management solution using SOAP APIs. My custom home-grown user management solution has SOAP APIs for all the user management operations. Any suggestions or pointers for synchronising AD users to my custom home-grown user management solution using REST APIs would be useful.
Thanks, Lokesh
There is an open standard I can think of, called SCIM.
This is taken from the Microsoft docs that describe using SCIM with Azure AD:
As an application developer, you can use the System for Cross-Domain Identity Management (SCIM) user management API to enable automatic provisioning of users and groups between your application and Azure AD. This article describes how to build a SCIM endpoint and integrate with the Azure AD provisioning service. The SCIM specification provides a common user schema for provisioning. When used in conjunction with federation standards like SAML or OpenID Connect, SCIM gives administrators an end-to-end, standards-based solution for access management.
(source)
Basically you have to implement some well defined endpoints and Azure AD will take care of the syncing.
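A sketch of what one of those endpoints looks like, added here as an example and not code from the answer or from any Microsoft sample. It shows the POST /Users handler the Azure AD provisioning service calls, the bearer-token check on the shared secret, the `userName eq "..."` filter Azure AD sends to look a user up before creating it, and the mapping from the SCIM User schema to an internal record; the secret token, the `create_user` callback (standing in for the home-grown SOAP create call) and all sample values are assumptions.

```python
import hmac
import re
from typing import Callable, Dict, Tuple

# Assumed (not from the post): the admin pasted this shared token into the
# Azure AD provisioning app's "Secret Token" field; Azure AD sends it as Bearer.
EXPECTED_BEARER = "constructed-secret-token"
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
_EQ_FILTER = re.compile(r'^\s*(\w+)\s+eq\s+"([^"]*)"\s*$')

def scim_error(status: int, detail: str) -> Tuple[int, Dict]:
    """SCIM 2.0 error body, as the provisioning service expects on failure."""
    return status, {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}

def authorized(headers: Dict[str, str]) -> bool:
    """Constant-time check of the bearer token Azure AD sends on every request."""
    auth = headers.get("Authorization", "")
    return auth.startswith("Bearer ") and hmac.compare_digest(
        auth[7:].encode(), EXPECTED_BEARER.encode())

def parse_eq_filter(expr: str) -> Tuple[str, str]:
    """Parse 'attr eq "value"', the lookup Azure AD runs before creating a user."""
    m = _EQ_FILTER.match(expr)
    if not m:
        raise ValueError('only attr eq "value" filters are supported')
    return m.group(1), m.group(2)

def scim_to_internal(payload: Dict) -> Dict:
    """Map a SCIM User resource onto the fields the home-grown store needs."""
    if SCIM_USER not in payload.get("schemas", []) or not payload.get("userName"):
        raise ValueError("missing core User schema or userName")
    emails = payload.get("emails", [])
    primary = [e["value"] for e in emails if e.get("primary")]
    email = primary[0] if primary else (emails[0]["value"] if emails else None)
    return {"login": payload["userName"], "external_id": payload.get("externalId"),
            "email": email, "active": bool(payload.get("active", True))}

def handle_post_users(headers: Dict[str, str], body: Dict,
                      create_user: Callable[[Dict], str]) -> Tuple[int, Dict]:
    """POST /Users: authenticate, validate, store via the SOAP-backed callback."""
    if not authorized(headers):
        return scim_error(401, "invalid bearer token")
    try:
        user = scim_to_internal(body)
    except ValueError as exc:
        return scim_error(400, str(exc))
    new_id = create_user(user)  # hypothetical wrapper around the SOAP create call
    return 201, {"schemas": [SCIM_USER], "id": new_id, "userName": user["login"],
                 "active": user["active"], "meta": {"resourceType": "User"}}
```

The same validation and token check apply to the GET, PATCH and DELETE handlers Azure AD also calls; only the create path is shown.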
Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 5 days ago.
I am having trouble finding documentation that covers Single Log Out functionality in Azure AD B2C when it is initiated by an external IDP.
Consider that we have an application protected by Azure AD B2C, and the user is signed in to Azure AD B2C with a federated identity. Now, documentation is pretty clear about how to initiate the log out from the application / Azure B2C side and is also clear how B2C will logout from external identity providers at the same time.
However, consider when the user logs out on the external IDP side. We want the external IDP to initiate single log out to Azure AD B2C, and Azure AD B2C to initiate single log out with the app. So, essentially the opposite flow.
I know Azure AD B2C has a logout URL (assuming EnforceIdTokenHintOnLogout is not enabled), so I could theoretically configure the relying party configuration on the external IDP with B2C's logout URL, i.e. https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout
Would this trigger the logout of B2C as expected? Am I approaching this in the right way? Is there any documentation covering the implementation of this?
I am new to Azure AD. I have to implement two websites which use the Azure Single Sign-On feature to log in. I have gone through a few documents and blogs but they weren't helpful enough. Could anyone suggest a relevant document or approach for beginners?
This approach I am using:
I made a new tenant.
Made an app in App registrations
Assigned the users through Enterprise Application changes
But now I have to add another website to the web app and then make sure that if the user logs in to either of them, they automatically get logged in to the other website as well.
When you have multiple applications in your organization, it's better to use Azure AD and you are on the right path.
There are multiple ways to configure an application for SSO. Based on your requirement you can choose any of the SSO protocols below for authentication.
There are protocols like OpenID Connect, OAuth, SAML, password-based etc. to configure SSO.
As you have two websites, register two web apps in Azure AD and configure SSO for each.
While registering the webapps, make sure to add redirect URI or Reply URLs of those two websites respectively.
Make sure both web apps are using the same SSO protocol.
As mentioned in the comment by #Anand Sowmithiran, while the user is authenticating, the login flow will detect that user is already authenticated and will provide the token seamlessly.
For more details, please refer to the links below:
Can I use Azure for SSO to multiple websites - Microsoft Q&A
single sign on - SSO with multiple azure web apps - Stack Overflow
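What "two registrations against one tenant" means in code, as an added example that is not part of the answer above: both sites send the browser to the same tenant authority (so an existing Azure AD session is reused), each site only accepts its own registered redirect URI, and each site validates its ID token against its own client_id so a token issued to site A cannot sign a user in to site B. The tenant ID, client IDs and hostnames are constructed placeholders, and signature verification of the token (JWKS check) is assumed to be done by a JWT library before these claim checks run.

```python
import secrets
from typing import Dict, Optional
from urllib.parse import urlencode

# Constructed values (not from the post): one tenant, two registered web apps.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
APPS = {
    "site-a": {"client_id": "client-id-site-a",
               "redirect_uris": ["https://a.example.com/signin-oidc"]},
    "site-b": {"client_id": "client-id-site-b",
               "redirect_uris": ["https://b.example.com/signin-oidc"]},
}

def new_state_and_nonce() -> Dict[str, str]:
    """Per-request CSRF state and replay nonce; store them in the user's session."""
    return {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}

def build_authorize_url(app: str, redirect_uri: str, state: str, nonce: str) -> str:
    """OIDC authorization request against the shared tenant authority.
    Both sites use the same authority, so the second site gets a code without
    a fresh credential prompt when an Azure AD session already exists."""
    cfg = APPS[app]
    if redirect_uri not in cfg["redirect_uris"]:
        raise ValueError("redirect_uri is not one registered for this app")
    params = {"client_id": cfg["client_id"], "response_type": "code",
              "redirect_uri": redirect_uri, "scope": "openid profile",
              "response_mode": "query", "state": state, "nonce": nonce}
    return f"{AUTHORITY}/oauth2/v2.0/authorize?" + urlencode(params)

def validate_id_token_claims(app: str, claims: Dict, expected_nonce: str,
                             now: int) -> Optional[str]:
    """Claim checks each site runs on its own ID token after the signature
    has been verified (JWKS verification assumed done elsewhere, not shown).
    Returns None when the token is acceptable, otherwise the rejection reason."""
    cfg = APPS[app]
    if claims.get("iss") != f"{AUTHORITY}/v2.0":
        return "issuer is not our tenant"
    if claims.get("aud") != cfg["client_id"]:
        return "token was issued to a different app"  # site-a token must not log in site-b
    if claims.get("tid") != TENANT_ID:
        return "tenant mismatch"
    if claims.get("nonce") != expected_nonce:
        return "nonce mismatch (possible replay)"
    if int(claims.get("exp", 0)) <= now:
        return "token expired"
    return None
```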
I am building a React application which needs to sign in and sign up users only through the application. I am using AADB2C for user management. I know this question has been asked several times in the past, but I am still looking for a way to sign up/sign in users using AADB2C without redirecting to the Microsoft login page. I found it impossible 2 years ago, but I would really appreciate your help if there are any services or packages to overcome this riddle.
#PrathapG I have responded to your question here: https://learn.microsoft.com/answers/questions/21036/log-in-to-azure-ad-b2c-without-redirecting-to-b2cl.html
You can always use the Graph API to directly create users into the B2C Directory, but that defeats most of the advantages of B2C of not having to write the plumbing code.
You are now also responsible for securing this user creation code.
Currently the new login URL is .b2clogin.com, which does not contain any reference to MS anymore, which may partly solve your issue?
There has to be some sort of identity management for your application. If you don't want Microsoft to do the identity management for your application, then there are various other options.
There are several well-known identity providers like Amazon, Facebook, etc., or you can provide your own identity provider using the first option, "+New OpenID Connect Provider".
I have trouble linking my B2C AAD to Azure Analysis Services. Is this even possible? If yes, what's the best way to build it in?
The documentation states "Azure Analysis Services supports Azure AD B2B collaboration" but doesn't mention B2C. Is there a workaround?
It is not listed in the release notes and a number of others have asked about this, so from what I can tell it does not appear to be supported. I have escalated your question to the Microsoft product group and will get back to you as soon as I have a definitive answer.
In the meantime you can make a feature request in User Voice. https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c
I'm wondering if anybody can share some practical experience here:
I have a client making extensive use of the OKTA identity solution for single sign-on to various cloud/web applications (both internal and external) as well as extensive provisioning options (creating users in SaaS apps, adding them to groups etc.). They also use OKTA in combination with RADIUS to provide MFA for Linux users setting up VPNs and for shell login on Linux (dev-ops) servers. Their sign-in to O365 / D365 is at this stage also federated via OKTA, performing SSO into on-premises Active Directory.
When they implemented OKTA 2 years ago Azure AD was not yet mature enough in this area, but my feeling is that it has since become mature enough to replace OKTA. We want to make use of AAD Premium for SSO and provisioning, the Microsoft Company Portal, and Azure App Proxy as a reverse proxy for internal web applications. We also want to use the NPS plugin for AAD MFA to provide MFA during RADIUS login requests.
In other words, we will need to make use of just about every tool in the Azure AD box to meet the various requirements imposed by the migration from OKTA (the current implementation has unfortunately become a "requirement").
Does anybody have experience with migration from OKTA to AAD?
Are there any experiences with extensive use of provisioning options for SaaS apps in AAD?
Any advice, tips, experiences are welcome and much appreciated.