Configuring Application Access with Azure Active Directory for Password-Based Single Sign-On

Hands-on Lab

Configuring Application Access with Azure Active Directory for Password-Based Single Sign-on

August 2014 CONTENTS Contents

Overview In this lab, you will learn how to add a Software-as-a-Service (SaaS) application for Password-based Single Sign-on to your Azure Active Directory. The SaaS Application you will configure will be Microsoft OneDrive. After adding the application to your Azure Active Directory, you will then learn how to assign user access to the application. Finally, you will sign-in to the Access Panel as a user of the directory to see and launch the Microsoft OneDrive application.

Objectives This demo will show how to: Add a SaaS application (Microsoft OneDrive) from the Azure Application Gallery to your Azure Active Directory

Configure the application for Password-based Single Sign-On

Assign permissions for users to access the application

Use the Access Panel to see and launch the application

Prerequisites 1. This hands-on-lab assumes you already completed the Azure AD Introduction lab.

2. A Microsoft Account.

Estimated time to complete this demo: 15 Minutes

Exercise 1: Add a SaaS Application from the Azure Application Gallery to your Azure Active Directory

Task 1 – Add the Microsoft OneDrive Application 1. Launch a browser and navigate to https://manage.windowsazure.com.

2. Sign-in as the John Doe user.

3. Click on the ACTIVE DIRECTORY tab

4. Click on the PPE Labs AD directory.

5. Click on the APPLICATIONS link at the top of your screen.

6. Click on the ADD button at the bottom of the screen.

7. Click on the option to Add an application from the gallery.

8. In the Application Gallery, search for “OneDrive”. Click on Microsoft OneDrive and then click the checkmark button.

Task 2 – Assign user access to the Microsoft OneDrive application 1. Click on the green Assign users button.

2. Click on the user Jane Smith.

3. Click the ASSIGN button at the bottom of the screen.

4. In the Assign Users window, click the checkmark button. Do not check the checkbox to enter Microsoft OneDrive credentials on behalf of the user.

Task 3 – Use the Access Panel to see and launch Microsoft OneDrive 1. At the Internet Explorer main menu, select File -> New session to open a new browser session.

2. In the new browser session, navigate to http://myapps.microsoft.com.

3. Sign-in as Jane Smith.

a. Username: janesmith@.onmicrosoft.com

b. Password: demo@pass1

4. In the Access Panel, click on the Microsoft OneDrive Application.

5. The first time you launch this application for this user (on your computer), you will be prompted to install software. Click the green Install Now button.

6. After installing the Access Panel extension, restart the browser and navigate back to the Access Panel http://myapps.microsoft.com.

7. Click on the Microsoft OneDrive application. Since this is the first time you are accessing Microsoft OneDrive as Jane Smith, you are challenged to enter your personal credentials to your personal OneDrive. Enter your Microsoft Account credentials.

8. Your OneDrive will open in the browser.

In the future, when you launch Microsoft OneDrive from the Access Panel as the Jane Smith user, you will not be challenged for credentials. Azure AD has securely stored your credentials and will authenticate you automatically for your OneDrive account.

Summary

In this lab, you learned how to add the Microsoft OneDrive application to your Azure Active Directory. You configured the application for Password-based Single Sign-On and then assigned user access to the application. Finally, you used the Access Panel to see and launch the application when signed in as a user in the Azure Active Directory.