In this article we will look at adding new users to Azure Active Directory (AAD) and giving them access to your enterprise applications without handing out the applications' dedicated login details. Azure uses a secure communication protocol to retrieve the login details saved for your application in Azure and signs your users in to the application automatically.
This is very helpful when your firm has support teams that use Twitter or another social media application to support your customers. When a new employee joins your support team you can easily grant them access to the application, and you can revoke that access when an employee leaves the firm.
So let's get started.
Step 1
Log in to the Azure portal.
On the left blade, search for Azure Active Directory.
Step 2
Inside Azure Active Directory, look for 'Add a guest user' and click on it.
Note: as of now, the new portal does not allow you to use the 'Add a User' option to add an existing Microsoft user account, as the old classic portal did. So we will use a guest user for this scenario.
Step 3
Enter the email ID of the person you'd like to invite to use your AAD, along with your personalized message, and click on invite.
Step 4
Once the invite has been sent, go to the 'users and groups' tab, which can be found under 'manage'.
Step 5
Once inside users and groups, you can see all the users that have been added to your AAD. Click on the user you would like to change.
Step 6
Under the individual profile, fill in the user details as per your requirement.
Step 7
Set a usage location for the user to enable them to access the application that we are about to create, and click save.
Step 8
Once the user profile is filled in, go back to the AAD blade and find the 'licenses' tab.
Step 9
Inside licenses, click on all products to find a '+ Try/Buy' tab and click on it.
Step 10
Here you can find 'Azure AD Premium' and 'Enterprise Mobility Suite'. If you are an individual startup with fewer employees you can go with the Azure AD Premium service; if you have an entire set of enterprise applications that you'd like to use for your company you can choose Enterprise Mobility Suite. Then click on activate.
Step 11
Once the trial is activated you can find it in the all products list. Choose whichever one you activated as per your requirement and click on it.
Step 12
Under licensed users you can find the 'Assign' option. Click on it to assign a user. You can also use licensed groups to assign a group of users.
Step 13
Under assigned users, click on users and groups, select as many users as you would like to assign to the application, and click on select.
Step 14
Then select assignment options to specify what a user can access in your AD, and click on assign to complete the process.
Step 15
After assigning, click on refresh and you can find all assigned users.
Step 16
Go back to the AAD blade and click on Enterprise applications if you have activated Enterprise Mobility Suite, or click on app registration if you have activated AD Premium.
Step 17
Click on the all applications tab to find applications that have already been added and to add a new one. To add a new application, click on add new application.
Step 18
Under add from the gallery, search for the Twitter application and click on it.
Step 19
Give a custom name to the application if required and click on add.
Step 20
In the application, click on the assign a user option or choose users and groups from the 'manage' menu.
Step 21
Click on add new user to add a user.
Step 22
Choose the users you would like to add to the application, as a group or individually, and click on select.
Step 23
Click on assign.
Step 24
Once the user has been assigned you can find them listed.
Step 25
Back on the main application blade, under 'manage', go to single sign-on and set the single sign-on option to password-based sign-on. Then save.
Step 26
After saving go back to users and groups.
Step 27
Then select the users to update credentials.
Step 28
Here, enter your company's Twitter account user name and password and click save.
Step 29
Once the credentials have been set up, your users can access your Twitter application by accepting the invite.
Accepting the invite takes the user to a page where they are asked to accept the terms and conditions by clicking next.
On the next page they have to log in with their company credentials.
Step 30
Once you have logged in you will be taken to the access panel, where you can find all of your company's applications that you have access to. If you can't find the application and you have been added to multiple active directories, click on your name to switch between directories, and you will be able to find your application.
Step 31
Clicking on the application will prompt you to add an extension for the Microsoft access panel. Install the extension in your browser, or, if you are using a company laptop, install the access panel application through the app store and sign in with your company-assigned credentials.
Step 32
Click on add to Chrome to add the extension.
Step 33
Once the extension has been added, refresh the browser and click on the application once again; it will automatically log you into your company Twitter account.
The process uses a secure connection to retrieve your company's user name and password, which were updated earlier.
We have added the users and granted access to the application. Now we will look at revoking a user's access.
Step 34
To revoke access when an employee leaves the company, go to the application. Under the manage menu, go to 'users and groups'. Select the user whose access needs to be revoked and click remove, then choose yes to confirm.
Once the user has been removed, their access to the application on the access panel is removed automatically.
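The assignment review and the revocation in Step 34 can also be scripted. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed, that the gallery application kept the display name 'Twitter' (Step 19 may have changed it), and it uses a constructed placeholder address for the departing user.

```powershell
# Added example: audit who is assigned to the gallery app and revoke one user.
# Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
param(
    [string]$AppDisplayName = 'Twitter',             # assumption: name kept in Step 19
    [string]$LeaverMail     = 'leaver@example.com'   # constructed placeholder
)

Connect-MgGraph -Scopes 'Application.Read.All','User.Read.All','AppRoleAssignment.ReadWrite.All'

# Locate the enterprise application (service principal) added from the gallery.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (@($sp).Count -ne 1) {
    throw "Expected exactly one enterprise application named '$AppDisplayName'."
}

# Every user and group currently assigned to the application (Steps 20-24).
$assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All

# Resolve each directly assigned user so stale entries stand out:
# disabled accounts and guests who never accepted the invite from Step 3.
$report = foreach ($a in $assignments | Where-Object PrincipalType -eq 'User') {
    $u = Get-MgUser -UserId $a.PrincipalId `
        -Property 'id,mail,userType,accountEnabled,externalUserState'
    [pscustomobject]@{
        AssignmentId = $a.Id
        Mail         = $u.Mail
        UserType     = $u.UserType            # 'Guest' for invited users
        Enabled      = $u.AccountEnabled
        InviteState  = $u.ExternalUserState   # e.g. PendingAcceptance / Accepted
    }
}
$report | Format-Table -AutoSize

# Step 34: remove the departing user's assignment to the application.
$report | Where-Object Mail -eq $LeaverMail | ForEach-Object {
    Remove-MgServicePrincipalAppRoleAssignedTo `
        -ServicePrincipalId $sp.Id `
        -AppRoleAssignmentId $_.AssignmentId
    Write-Output "Removed assignment for $($_.Mail)"
}
```

Users who were assigned through a group (Step 22) appear in `$assignments` with `PrincipalType` 'Group' and lose access when they are removed from that group rather than through this script.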