Azure AD-将用户和组分配给App
我正在使用Azure AD:
I'm using Azure AD:
- 我已经通过Microsoft帐户ID添加了用户.
- 我已激活"Azure AD Premium"试用版
- 我已为每个用户分配了一个许可证
现在,我想为用户分配对我的Web应用程序(云服务)的访问权限,但是,我没有看到本文中介绍的用户和组"标签:
Now I want to assign users access to my Web App (A cloud service), however, I'm not seeing the "Users and Groups" tab described in this article:
重要: 启用Azure AD Premium后,您只会看到用户和组"选项卡. https://azure.microsoft.com/documentation/articles/活动目录访问管理组saasapps/
Important: You will only see the Users and Groups tab once you have enabled Azure AD Premium. https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-group-saasapps/
甚至在此视频中进行了演示: http://azure.microsoft.com/documentation/video/configure-and-assign-groups-azure-ad/
And even demonstrated in this video: http://azure.microsoft.com/documentation/videos/configure-and-assign-groups-azure-ad/
最后,当我去: https://account.activedirectory.windowsazure.com/applications/default.aspx 我没有看到任何应用程序"-我假设一旦能够分配访问权限,应用程序应该显示在这里.
Finally, when I go to: https://account.activedirectory.windowsazure.com/applications/default.aspx I'm not seeing any "Apps" - I assume once I've been able to assign access the Apps should show here.
我发现一些信息似乎无法使用Microsoft帐户使用Azure AD登录到Cloud Service Web App:
I've found some info which looks like it is not possible to sign in to Cloud Service Web App with Azure AD using a Microsoft Account:
Azure AD方案和解决方案(以及我们的代码示例和示例应用程序)需要Azure Active Directory域中的用户帐户.如果您尝试使用Microsoft帐户(例如Hotmail.com,Live.com或Outlook.com帐户)登录应用程序,则登录将失败. http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
The Azure AD scenarios and solutions (and our code samples and sample applications) require a user account in the domain of your Azure Active Directory. If you try to sign in to the applications with a Microsoft account, such as a Hotmail.com, Live.com, or Outlook.com account, the sign in fails. http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
代码示例:
此示例不适用于Microsoft帐户,因此,如果您使用Microsoft帐户登录到Azure门户,并且以前从未在目录中创建过用户帐户,则需要立即执行此操作. https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet
This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet
是否可以使用Microsoft帐户登录/是否有有效的示例/指南?
将用户和组分配给应用程序功能可用于预集成的Azure AD SaaS应用程序.将用户分配给应用程序后,该应用程序的图标将显示在用户访问面板中.在某些情况下,分配用户会在SaaS应用中为该用户设置一个帐户.
Assigning users and groups to applications feature is available for pre-integrated Azure AD SaaS applications. Once a user is assigned to an app, the app's icon appears in the users access panel. In some cases assigning a user provisions an account for the user in the SaaS app.
此AzureAD功能尚不适用于其他应用程序(例如,内部开发的应用程序).
This AzureAD capability isn't yet available for other applications (e.g. apps developed in-house).
请注意,无需将用户分配给应用程序即可登录.内部开发的应用程序在目录中注册后,该目录中的用户即可登录该应用程序.因此,您不应该对此加以限制.
Note that a user doesn't need to be assigned to an application to be able to sign-in to it. Once an in-house developed application gets registered in the directory, users in that directory can sign-in to the application. So you shouldn't block on this.
KiereH,我们也在考虑将分配用户和组扩展到非预集成的应用程序,并提供在分配时将其分配给应用程序角色的功能.敬请期待.
KiereH, we are considering extending assign users and groups to non-pre-integrated applications too - and give the ability to assign them to an application role at assignment. Please stay tuned.
希望这会有所帮助.