Dynamically create Azure Active Directory - azure

Is it possible to dynamically create an Azure Active Directory over the Azure shell or from C#?
The only documentation I was able to find is this https://learn.microsoft.com/en-us/cli/azure/ad?view=azure-cli-latest describing some commands but it does not explain how to create a new tenant or Azure AD B2C.
We are building an application for a lot of client organizations. Each organization would need its own active directory and database to separate them from each other logically and securely. That's why we want to dynamically create active directories. We don't want the client to wait and we don't want to manually create everything for each one.
Thank you for your help!

It is not possible to create an Azure Active Directory using Azure Shell or C#. A tenant represents an organization in Azure Active Directory.
Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365

Related

Azure Active Directory - No Valid Subscription Found

I am trying to get a Database configured to use Integrated Auth. In other words, I have an App Service, and I want it to use Integrated Auth so that I don't have to use Sql Server username/password in a connection string.
So I went to my existing Azure Account and created an Azure Active Directory.
The Active Directory was created, and I then switched to this Directory. However, all of the resources of my usual Azure account are not to be found. It is as if I had created a brand new Azure account.
If I try to create a resource, it tells me that I have no subscription, and that I need to create one. So I created one, but it ended up getting linked to my original account, not the new Active Directory Account.
I tried again to add a subscription, but it asks me to sign in, but I don't understand how I am supposed to sign in to the new AD account.
I am not understanding what is going on here. Is an Azure Active Directory a new and different account than my original?
How do I "sign in" to the new active directory so I can add a subscription?
An Azure subscription is always linked to an Azure AD tenant (directory).
The hierarchy looks like this:
Your default Azure AD
    Subscription
        SQL DB
The new Azure AD you created
So you can see the SQL DB is looking at the Azure AD you already had.
Because that's the one linked to the sub where the DB is.
Make sure you are looking at the directory where your DB is, you should be able to go to "Azure Active Directory" from the service list.
"Integrated auth" usually means AD authentication, so I want to clarify that Azure SQL does not support that.
Neither does App Service.
What they do support is Azure AD authentication, which is documented here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication.
Mostly I recommend enabling a Managed Identity on the App Service, granting it access to the database, and then using that from within the app to connect.
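The managed-identity approach recommended above, as an added example (not code from the original answer): the App Service connects to Azure SQL with its own identity, so no SQL username or password exists in the connection string. The server name, database name and App Service name are placeholders; the two prerequisites in the header comment (enabling the identity and creating the contained database user) are done outside the app by an administrator.

```csharp
// Added example (not code from the original answer): an App Service connecting to Azure SQL
// with its managed identity instead of a SQL username/password in the connection string.
// Prerequisites outside this code:
//   1. Turn on the system-assigned identity for the App Service.
//   2. As an Azure AD admin of the SQL server, run on the target database:
//        CREATE USER [my-app-service] FROM EXTERNAL PROVIDER;
//        ALTER ROLE db_datareader ADD MEMBER [my-app-service];
//      The user name is the App Service name. "my-app-service", "my-sql-server" and
//      "my-db" below are placeholders.
using System;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;   // NuGet package Microsoft.Data.SqlClient (2.1 or later)

public static class SqlManagedIdentityExample
{
    // No secret anywhere: the driver requests a token from the App Service identity endpoint.
    // For a user-assigned identity append ";User Id=<client-id-of-that-identity>".
    // "Authentication=Active Directory Default" also works locally with developer credentials.
    public const string ConnectionString =
        "Server=tcp:my-sql-server.database.windows.net,1433;" +
        "Database=my-db;" +
        "Authentication=Active Directory Managed Identity;" +
        "Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;";

    // Returns the principal the database sees; for a managed identity this is the
    // App Service name rather than a SQL login.
    public static async Task<string> WhoAmIAsync()
    {
        using var conn = new SqlConnection(ConnectionString);
        await conn.OpenAsync();
        using var cmd = new SqlCommand("SELECT SUSER_SNAME();", conn);
        var name = (string?)await cmd.ExecuteScalarAsync();
        return name ?? string.Empty;
    }

    public static async Task Main()
    {
        try
        {
            Console.WriteLine($"Connected to Azure SQL as: {await WhoAmIAsync()}");
        }
        catch (SqlException ex) when (ex.Number == 18456)
        {
            // Login failed: the token was issued, but step 2 above was never run for this identity,
            // so the database has no user mapped to it.
            Console.WriteLine("Login failed: create the contained user FROM EXTERNAL PROVIDER for this identity.");
        }
    }
}
```

The grant in step 2 is the least-privilege lever: give the identity only the database role the app needs (here `db_datareader`) rather than making it a server admin, and rotate nothing, because there is no credential to rotate.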

How can I programmatically retrieve the domain name of the Azure Active Directory in a given subscription?

I'm working on an application that will allow users to authenticate to Azure Active Directory and then manage resources in their Azure account via Azure Resource Manager API calls.
I've found several walkthroughs on building such an app including this post. However, in the part that discusses authentication with Azure Active Directory, there's a step showing the need to manually retrieve the Azure Active Directory name from the Azure Portal.
The directory name is plugged into app settings (and ultimately authentication calls to the directory) as follows
http://login.microsoftonline.com/{directory_domain_name}/OAuth2/Authorize
Is there any way to programmatically retrieve {directory_domain_name} without requiring users to login and lookup the information in the Azure Portal?
The one answer to this question has a dead link and another pointing to the Graph API, which seems to still require the domain name.
For your particular scenario, it looks like you want to build an app that will be used by users from different Azure AD tenants. This scenario is best addressed by building a multi-tenant application.
To make your application multi-tenant, you'll need to go to the Azure Portal and in the Configure tab of your Azure AD application, set the "Application is Multi-Tenant" option to yes.
Once you do this, you can just call
http://login.microsoftonline.com/common/oauth/authorize
http://login.microsoftonline.com/common/oauth/token
And Azure AD will figure out which tenant to authenticate against based on the credential that the user types in.
More information on multi-tenant applications: https://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-authenticate/
Sample multi-tenant application: https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
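One caveat a practitioner will want alongside the `common` endpoint: because any Azure AD tenant (including one an attacker creates for free) can sign a user in through `common`, the app itself must decide which tenants it trusts. The token's `iss` claim is tenant-specific under `common`, so the library's single-issuer check cannot be used as-is; the usual pattern is to disable it and validate the `tid` claim yourself. The following ASP.NET Core configuration is an added example (not the original answer's code nor the linked sample, though it follows the same idea). The client id, client secret and the allowed tenant id are placeholders, and `AllowedTenants` is assumed to come from your own onboarding records in real code.

```csharp
// Added example (not from the original answer or the linked sample): sign in through
// https://login.microsoftonline.com/common/v2.0 so users from any tenant can authenticate,
// but only accept tokens from tenants this application has onboarded.
// Requires NuGet package Microsoft.AspNetCore.Authentication.OpenIdConnect.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class TenantGate
{
    // Tenant ids of onboarded customer organizations. Assumption: loaded from your own
    // onboarding store in a real application; the value below is a placeholder.
    public static readonly HashSet<string> AllowedTenants = new(StringComparer.OrdinalIgnoreCase)
    {
        "11111111-1111-1111-1111-111111111111",
    };

    // True only when the token names an onboarded tenant in "tid" AND its "iss" is the
    // v2.0 issuer for that same tenant. Checking both prevents a token minted for one
    // tenant from being presented as another.
    public static bool IsAllowed(ClaimsPrincipal principal)
    {
        var tid = principal.FindFirst("tid")?.Value;
        var iss = principal.FindFirst("iss")?.Value;
        if (string.IsNullOrEmpty(tid) || string.IsNullOrEmpty(iss)) return false;
        if (!AllowedTenants.Contains(tid)) return false;
        var expectedIssuer = $"https://login.microsoftonline.com/{tid}/v2.0";
        return string.Equals(iss, expectedIssuer, StringComparison.OrdinalIgnoreCase);
    }
}

public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);
        builder.Services.AddAuthorization();
        builder.Services
            .AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                // "common": users from any tenant may sign in; trust is decided in OnTokenValidated.
                options.Authority = "https://login.microsoftonline.com/common/v2.0";
                options.ClientId = "<application-client-id>";         // placeholder
                options.ClientSecret = "<application-client-secret>"; // placeholder
                options.ResponseType = "code";                         // redirect URI: /signin-oidc
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // The issuer differs per tenant under /common, so the built-in
                    // single-issuer check is disabled and replaced by TenantGate below.
                    ValidateIssuer = false,
                };
                options.Events = new OpenIdConnectEvents
                {
                    OnTokenValidated = ctx =>
                    {
                        if (!TenantGate.IsAllowed(ctx.Principal!))
                            ctx.Fail("Sign-in from a tenant that has not been onboarded.");
                        return Task.CompletedTask;
                    }
                };
            });

        var app = builder.Build();
        app.UseAuthentication();
        app.UseAuthorization();
        app.MapGet("/", (ClaimsPrincipal user) => $"Hello {user.Identity?.Name}")
           .RequireAuthorization();
        app.Run();
    }
}
```

Signature and audience validation still happen in the library; `TenantGate.IsAllowed` only adds the tenant decision that the library cannot make for a multi-tenant app. Without it, `ValidateIssuer = false` on its own would accept a valid token from every tenant in Azure AD.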

How to create a Windows Azure tenant and user programmatically

I have a MVC5 webapp that I protect using ACS (Access Control Service). One of the identity providers is the Windows Azure Active directory.
I want the user to be able to create their own AD tenant and create a user themselves using my webapp.
How can I create an Azure Active Directory tenant and create an accompanying user by code?
I don't believe you can programmatically create a new AD tenant. One is tied to the subscription when it's created, and assigning it to a domain requires several manual steps.
However, with regards to creating/managing users in that tenant, I'd suggest you start looking here: http://msdn.microsoft.com/library/azure/dn646737.aspx#BKMK_Graph and here: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
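The user-management half of the answer above, as an added example (not the original answer's code and not taken from the linked MSDN pages): creating a user in an existing tenant by calling the Microsoft Graph `POST /v1.0/users` endpoint directly. It assumes an app registration in that tenant holding the application permission `User.ReadWrite.All` with admin consent, reads the tenant id, client id and secret from environment variables (placeholders), and uses the placeholder domain `contoso.onmicrosoft.com`.

```csharp
// Added example (not from the original answer): create a user in an existing Azure AD tenant
// through Microsoft Graph. Requires NuGet package Azure.Identity. The app registration must
// hold User.ReadWrite.All (application permission, admin-consented). AZURE_TENANT_ID,
// AZURE_CLIENT_ID and AZURE_CLIENT_SECRET are placeholder environment variables.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class GraphUserCreator
{
    // Random initial password. The user must change it at first sign-in, so it only has to be
    // strong and unguessable. The alphabet has exactly 64 symbols so "byte % 64" is unbiased.
    public static string NewInitialPassword()
    {
        const string alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&";
        var bytes = RandomNumberGenerator.GetBytes(24);
        var sb = new StringBuilder(bytes.Length);
        foreach (var b in bytes) sb.Append(alphabet[b % alphabet.Length]);
        return sb.ToString();
    }

    // Returns the object id of the created user.
    public static async Task<string> CreateUserAsync(string displayName, string mailNickname, string upn)
    {
        // Client-credentials flow for the app registration.
        var credential = new ClientSecretCredential(
            Environment.GetEnvironmentVariable("AZURE_TENANT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET"));
        var token = await credential.GetTokenAsync(
            new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }));

        var body = new
        {
            accountEnabled = true,
            displayName,
            mailNickname,
            userPrincipalName = upn,
            passwordProfile = new { forceChangePasswordNextSignIn = true, password = NewInitialPassword() }
        };

        using var http = new HttpClient();
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);
        using var content = new StringContent(JsonSerializer.Serialize(body), Encoding.UTF8, "application/json");
        using var resp = await http.PostAsync("https://graph.microsoft.com/v1.0/users", content);
        var json = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException($"Graph returned {(int)resp.StatusCode}: {json}");

        // Graph returns the created user object; its "id" is the directory object id.
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("id").GetString()!;
    }

    public static async Task Main()
    {
        var id = await CreateUserAsync("Alice Example", "alice", "alice@contoso.onmicrosoft.com");
        Console.WriteLine($"Created user object id {id}");
    }
}
```

The generated password is never logged or returned; hand it to the user through a separate channel, or better, invite them (or use a temporary access pass) rather than distributing a password at all. Graph will reject the request with a 403 if the permission has not been consented, and with a 400 if the UPN domain is not verified in the tenant.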

Programmatically Creating an Azure AD in C#

Is it possible to programmatically create an Azure Active Directory within an Azure subscription?
I have looked through the Azure Management APIs and can see methods to create VMs, databases but not WAADs.
If it is possible. How many WAADs can be created per subscription?
No, it isn't possible to create Azure Active Directories programmatically.
As Jeff pointed, the directories listed in the Azure AD node are not contained in the subscription - but instead are the directories in which the currently signed in user account exists.

New azure active directory with powershell

I would like create a new Active Directory in Azure with powershell.
Do you know the cmdlet to do this ?
Thank you !
You cannot create a Windows Azure Active Directory tenant using PowerShell.
First of all, you do not create Azure Active Directory. It is already created and managed by Microsoft. What you create is a tenant within Azure Active Directory. And you cannot just create it. Especially using just some API.
A Windows Azure AD tenant is created when someone creates an Office 365 subscription, or a Microsoft Intune subscription, or a Windows Azure subscription and so on.
Read carefully through the entire article here, in order to understand what is Windows Azure AD Tenant, how it is created and where it is used.
