Active Directory in Azure

Microsoft's Active Directory service in Azure (Azure Active Directory) is a cloud service that enables administrators to manage resources and to administer end-user identities and access privileges. It is part of the Microsoft Azure public cloud computing platform and has now been renamed Microsoft Entra ID.

Active Directory service

  • Provides directory features.
  • Provides access management features.
  • Helps you with identity protection.

Tenant Based

Azure Active Directory is a Microsoft multi-tenant, cloud-based directory and identity management service.

Azure AD facilitates employee registration across many services, enabling access to them from anywhere over the cloud with a single set of login credentials.

3 Main Users of MS Active Directory

  • IT Admins
    • Use Azure AD to manage role permissions and control access to specific applications.
  • App Developers
    • Use Azure AD to add single sign-on to their apps.
    • Azure AD provides app developers with an application programming interface (API) for making calls.
  • Cloud Service Subscribers
    • Normal users who subscribe to Azure cloud services.
    • Users who access cloud services such as Office 365, Azure CRM, or the default tenant of Azure AD.

Active Directory Flow

  • Suppose we want to access some Azure cloud service.
    • The gateway to the cloud service is Azure Active Directory.
    • In the cloud we have multiple subscriptions.
      • Each subscription has multiple resources.
  • To access these resources from the internet, external users have to authenticate with some credentials.
    • Using that user ID and password, we authenticate ourselves on Azure AD.
  • Authentication
    • The user ID and password are created in Azure Active Directory, and you authenticate yourself on Azure AD first.
  • Authorization on AD
    • WHY? Even though we have authenticated at AD, we still can't access resources inside our subscription. To access them, the user needs to be authorized first.
    • How?
      • We need to get authorized at the subscription level.
      • Authorization is done using RBAC, that is, role-based access control.
      • Access is given based on the user's role.
        • If you are a developer, a developer-based role is given.
        • If you are a tester, a tester-based role is given.
    • At what level?
      • This authorization can be done at
        • the resource group level, or
        • the resource level as well.

Check/Assign User Role at Microsoft Active Directory

  • Log in to portal.azure.com.
  • Search for Entra ID and move to the AD page.
  • Click on Users in the left panel.
    • From the user list, click the specific user name.
    • On the user detail page, click the number shown against ‘Assigned Roles’.
      • Right now my user has the Global Admin role.

Check/Assign User Role at Specific Resource

WHY?

  • I was authorized at the Azure Active Directory level.
  • But does that give permission to access the resources?
  • So I need to authorize myself at the subscription level as well, besides AD.

How?

  • Go to your active working subscription.
  • Click Access Control (IAM) in the left panel.
    • Click the “Role assignments” tab.
      • You can see your user name here as an Owner.
      • An Owner role has been given, so this person is authorized at the subscription level. Whatever resource gets created inside this subscription, this person will have access to it.
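The two ideas in the notes above (authentication at Azure AD is separate from RBAC authorization, and an Owner assignment at the subscription scope is inherited by every resource group and resource created under it) as an added example in Python. This is my own illustrative code, not Microsoft's or Azure's; the subscription id, resource names and user principal names are constructed placeholders, and the role definitions are a simplified subset of the built-in Owner, Contributor and Reader roles.

```python
"""Toy model of how Azure RBAC authorizes an already-authenticated user.

Added example, not Microsoft's code. It models three things the notes describe:
authentication (Azure AD) and authorization (RBAC) are separate steps; a role
assignment applies at its scope and at every scope beneath it (subscription ->
resource group -> resource); and a role grants only the actions its definition
allows. Subscription id, names and principals below are constructed placeholders.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Simplified built-in role definitions. Real definitions also carry DataActions
# and a longer NotActions list; Contributor's NotActions really do exclude
# writing role assignments, which is what separates it from Owner.
ROLES = {
    "Owner":       {"actions": ["*"],      "not_actions": []},
    "Contributor": {"actions": ["*"],      "not_actions": ["Microsoft.Authorization/*/Write",
                                                            "Microsoft.Authorization/*/Delete"]},
    "Reader":      {"actions": ["*/read"], "not_actions": []},
}


@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # user principal name
    role: str       # key into ROLES
    scope: str      # Azure Resource Manager scope string


def scope_covers(assignment_scope: str, target_scope: str) -> bool:
    """True if an assignment at assignment_scope applies to target_scope.

    Scopes are compared case-insensitively as path prefixes on '/' boundaries,
    so /.../rg-app covers /.../rg-app/providers/... but not /.../rg-app2.
    """
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")


def role_permits(role: str, action: str) -> bool:
    """Effective permission of one role = Actions minus NotActions."""
    definition = ROLES[role]
    act = action.lower()
    if any(fnmatchcase(act, p.lower()) for p in definition["not_actions"]):
        return False
    return any(fnmatchcase(act, p.lower()) for p in definition["actions"])


def effective_roles(principal: str, scope: str, assignments) -> list:
    """Roles that apply to principal at scope, including inherited ones
    (what the portal's Role assignments tab shows for a resource)."""
    return sorted({ra.role for ra in assignments
                   if ra.principal.lower() == principal.lower()
                   and scope_covers(ra.scope, scope)})


def is_authorized(principal: str, action: str, scope: str,
                  assignments, authenticated: set) -> bool:
    """Authentication first, then RBAC: any one applicable assignment that
    permits the action is enough (NotActions is not a deny across roles)."""
    if principal.lower() not in {p.lower() for p in authenticated}:
        return False  # never got past Azure AD
    return any(role_permits(ra.role, action)
               for ra in assignments
               if ra.principal.lower() == principal.lower()
               and scope_covers(ra.scope, scope))


# --- constructed sample tenant -------------------------------------------
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
RG = SUB + "/resourceGroups/rg-app"
OTHER_RG = SUB + "/resourceGroups/rg-app2"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web-01"

ASSIGNMENTS = [
    RoleAssignment("admin@contoso.example",  "Owner",       SUB),  # like the notes' Owner
    RoleAssignment("dev@contoso.example",    "Contributor", RG),
    RoleAssignment("tester@contoso.example", "Reader",      VM),
]
# Everyone here signed in successfully; guest@ has no role assignment at all.
AUTHENTICATED = {"admin@contoso.example", "dev@contoso.example",
                 "tester@contoso.example", "guest@contoso.example"}

if __name__ == "__main__":
    checks = [
        ("admin@contoso.example",  "Microsoft.Compute/virtualMachines/write", VM),
        ("dev@contoso.example",    "Microsoft.Compute/virtualMachines/write", VM),
        ("dev@contoso.example",    "Microsoft.Authorization/roleAssignments/write", RG),
        ("tester@contoso.example", "Microsoft.Compute/virtualMachines/read", VM),
        ("tester@contoso.example", "Microsoft.Compute/virtualMachines/write", VM),
        ("guest@contoso.example",  "Microsoft.Compute/virtualMachines/read", VM),
    ]
    for principal, action, scope in checks:
        ok = is_authorized(principal, action, scope, ASSIGNMENTS, AUTHENTICATED)
        print(f"{principal:<24} {action:<48} {'ALLOW' if ok else 'DENY'}")
```

Running the block prints one ALLOW/DENY line per check: the Owner at subscription scope reaches the VM, the Contributor on rg-app can change the VM but not its role assignments, the Reader on the VM can read but not write it, and guest@ is denied despite having signed in, because authentication alone grants nothing. On a real tenant the equivalent of `effective_roles` is the Role assignments tab from the notes, or `az role assignment list --assignee <upn> --scope <scope> --include-inherited`, which also lists assignments inherited from parent scopes.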
