简体繁体 English

Azure AD-将用户和组分配给App

[英]Azure AD - Assign Users and Groups to App

原文 2014-09-10 10:56:14 2 1 azure/ azure-active-directory

I'm using Azure AD: 我正在使用Azure AD：

I've added users via Microsoft Account IDs. 我已经通过Microsoft帐户ID添加了用户。
I have activated "Azure AD Premium" trial 我已经激活了“ Azure AD Premium”试用版
I've assigned each user a license 我已为每个用户分配了一个许可证

Now I want to assign users access to my Web App (A cloud service), however, I'm not seeing the "Users and Groups" tab described in this article: 现在，我想为用户分配对我的Web应用程序（云服务）的访问权限，但是，没有看到本文中描述的“用户和组”选项卡：

Important: You will only see the Users and Groups tab once you have enabled Azure AD Premium. 重要说明：启用Azure AD Premium后，您只会看到“用户和组”选项卡。 https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-group-saasapps/ https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-group-saasapps/

And even demonstrated in this video: http://azure.microsoft.com/documentation/videos/configure-and-assign-groups-azure-ad/ 甚至在此视频中进行了演示： http : //azure.microsoft.com/documentation/videos/configure-and-assign-groups-azure-ad/

Finally, when I go to: https://account.activedirectory.windowsazure.com/applications/default.aspx I'm not seeing any "Apps" - I assume once I've been able to assign access the Apps should show here. 最后，当我转到： https : //account.activedirectory.windowsazure.com/applications/default.aspx我没有看到任何“应用程序”-我假设一旦我能够分配访问权限，应用程序应该显示在此处。

EDIT: 编辑：

I've found some info which looks like it is not possible to sign in to Cloud Service Web App with Azure AD using a Microsoft Account: 我发现一些信息似乎无法使用Microsoft帐户使用Azure AD登录Cloud Service Web App：

The Azure AD scenarios and solutions (and our code samples and sample applications) require a user account in the domain of your Azure Active Directory. Azure AD方案和解决方案（以及我们的代码示例和示例应用程序）需要Azure Active Directory域中的用户帐户。 If you try to sign in to the applications with a Microsoft account, such as a Hotmail.com, Live.com, or Outlook.com account, the sign in fails. 如果您尝试使用Microsoft帐户（例如Hotmail.com，Live.com或Outlook.com帐户）登录应用程序，则登录将失败。 http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx http://msdn.microsoft.com/en-us/library/azure/dn151790.aspx

Code Sample: 代码示例：

This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. 此示例不适用于Microsoft帐户，因此，如果您使用Microsoft帐户登录到Azure门户并且之前从未在目录中创建过用户帐户，则需要立即执行此操作。 https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet

Is it possible to sign in using a Microsoft Account / is there a worked sample/guide? 是否可以使用Microsoft帐户登录/是否有可用的示例/指南？

1 个解决方案

Assigning users and groups to applications feature is available for pre-integrated Azure AD SaaS applications. 将用户和组分配给应用程序功能可用于预集成的Azure AD SaaS应用程序。 Once a user is assigned to an app, the app's icon appears in the users access panel. 将用户分配给应用程序后，该应用程序的图标将显示在用户访问面板中。 In some cases assigning a user provisions an account for the user in the SaaS app. 在某些情况下，分配用户会在SaaS应用中为该用户设置一个帐户。

This AzureAD capability isn't yet available for other applications (eg apps developed in-house). 此AzureAD功能尚不适用于其他应用程序（例如，内部开发的应用程序）。

Note that a user doesn't need to be assigned to an application to be able to sign-in to it. 请注意，无需将用户分配给应用程序即可登录。 Once an in-house developed application gets registered in the directory, users in that directory can sign-in to the application. 内部开发的应用程序在目录中注册后，该目录中的用户即可登录该应用程序。 So you shouldn't block on this. 所以你不应该阻止这个。

KiereH, we are considering extending assign users and groups to non-pre-integrated applications too - and give the ability to assign them to an application role at assignment. KiereH，我们也在考虑将分配用户和组扩展到非预集成的应用程序中，并允许在分配时将其分配给应用程序角色。 Please stay tuned. 敬请期待。

Hope this helps. 希望这可以帮助。