[英]Azure AD - Assign Users and Groups to App
I'm using Azure AD: 我正在使用Azure AD:
Now I want to assign users access to my Web App (A cloud service), however, I'm not seeing the "Users and Groups" tab described in this article: 现在,我想为用户分配对我的Web应用程序(云服务)的访问权限,但是,没有看到本文中描述的“用户和组”选项卡:
Important: You will only see the Users and Groups tab once you have enabled Azure AD Premium. 重要说明:启用Azure AD Premium后,您只会看到“用户和组”选项卡。 https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-group-saasapps/ https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-group-saasapps/
And even demonstrated in this video: http://azure.microsoft.com/documentation/videos/configure-and-assign-groups-azure-ad/ 甚至在此视频中进行了演示: http : //azure.microsoft.com/documentation/videos/configure-and-assign-groups-azure-ad/
Finally, when I go to: https://account.activedirectory.windowsazure.com/applications/default.aspx I'm not seeing any "Apps" - I assume once I've been able to assign access the Apps should show here. 最后,当我转到: https : //account.activedirectory.windowsazure.com/applications/default.aspx我没有看到任何“应用程序”-我假设一旦我能够分配访问权限,应用程序应该显示在此处。
EDIT: 编辑:
I've found some info which looks like it is not possible to sign in to Cloud Service Web App with Azure AD using a Microsoft Account: 我发现一些信息似乎无法使用Microsoft帐户使用Azure AD登录Cloud Service Web App:
The Azure AD scenarios and solutions (and our code samples and sample applications) require a user account in the domain of your Azure Active Directory. Azure AD方案和解决方案(以及我们的代码示例和示例应用程序)需要Azure Active Directory域中的用户帐户。 If you try to sign in to the applications with a Microsoft account, such as a Hotmail.com, Live.com, or Outlook.com account, the sign in fails. 如果您尝试使用Microsoft帐户(例如Hotmail.com,Live.com或Outlook.com帐户)登录应用程序,则登录将失败。 http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
Code Sample: 代码示例:
This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. 此示例不适用于Microsoft帐户,因此,如果您使用Microsoft帐户登录到Azure门户并且之前从未在目录中创建过用户帐户,则需要立即执行此操作。 https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet
Is it possible to sign in using a Microsoft Account / is there a worked sample/guide? 是否可以使用Microsoft帐户登录/是否有可用的示例/指南?
Assigning users and groups to applications feature is available for pre-integrated Azure AD SaaS applications. 将用户和组分配给应用程序功能可用于预集成的Azure AD SaaS应用程序。 Once a user is assigned to an app, the app's icon appears in the users access panel. 将用户分配给应用程序后,该应用程序的图标将显示在用户访问面板中。 In some cases assigning a user provisions an account for the user in the SaaS app. 在某些情况下,分配用户会在SaaS应用中为该用户设置一个帐户。
This AzureAD capability isn't yet available for other applications (eg apps developed in-house). 此AzureAD功能尚不适用于其他应用程序(例如,内部开发的应用程序)。
Note that a user doesn't need to be assigned to an application to be able to sign-in to it. 请注意,无需将用户分配给应用程序即可登录。 Once an in-house developed application gets registered in the directory, users in that directory can sign-in to the application. 内部开发的应用程序在目录中注册后,该目录中的用户即可登录该应用程序。 So you shouldn't block on this. 所以你不应该阻止这个。
KiereH, we are considering extending assign users and groups to non-pre-integrated applications too - and give the ability to assign them to an application role at assignment. KiereH,我们也在考虑将分配用户和组扩展到非预集成的应用程序中,并允许在分配时将其分配给应用程序角色。 Please stay tuned. 敬请期待。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.