Create an Azure Tenant and Manage Users


Posted Nov 21, 2024


To create a tenant in Azure, you'll need to sign up for a Microsoft account if you don't already have one. This will give you access to the Azure portal.

The Azure portal is where you'll manage your tenant and all its users. You can access it by going to the Azure website and signing in with your Microsoft account.

Creating a tenant in Azure is a straightforward process that can be completed in just a few steps. You'll need to provide some basic information, such as your organization's name and contact details.

Setup and Configuration

To set up and configure a tenant in Azure, start by registering the software applications that will integrate with the identity provider.

First, navigate to the "App Registrations" menu within Azure Active Directory and create a single registration for your application backend; keeping the backend under one registration makes it easier to manage.


If your software has a microservices architecture, you can choose to split the app registrations into one registration per code-base, but this can be more complicated to manage.

Create multiple client registrations for each individual "tenant", "client", or "site" that will be using your software, such as providing separate registrations for Ford and General Motors as two different groups of customers.

To configure the client application(s) to use the appropriate flows and request the correct access tokens for a given tenant, you'll need to set up tenant-based authentication.

Use a different subdomain for each unique client, and use a subdomain helper to parse the subdomain from the active URL and validate it against the list of known tenants; a subdomain that is not on that list should be rejected rather than mapped to a default.

Once the tenant ID has been identified, you can select the proper User Flow policies and API token scopes from configuration files.

This setup provides flexible logins for different tenants configured through code, separation of API Scopes and different permissions for different tenants, and configurable user experiences for each client as they log in to the same application.

Authentication and Authorization


To set up authentication and authorization for your multi-tenant Azure application, you'll need to configure the client application to utilize the correct access tokens based on the given tenant. This is achieved by using different subdomains for each unique client.

The most common approach is to use a subdomain helper to parse the subdomain from the active URL and validate it against a list of viable tenants. Once the tenant ID has been identified, the proper User Flow policies and API token scopes can be selected from configuration files.
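The subdomain helper described above (and in the Setup and Configuration section), written out as an added example that is not part of the original article: it parses the tenant label from the active URL, validates it against an allow-list of known tenants, and only then returns that tenant's User Flow policy and API scopes. The base host `portal.example.com`, the tenant names `contoso` and `fabrikam`, and the policy and scope strings are constructed placeholders; an unknown, malformed or look-alike host resolves to `null` so the caller fails closed instead of falling back to a default login.

```javascript
// Added example (not from the original article): tenant resolution by subdomain.
// Assumptions: the tenant allow-list and per-tenant B2C policy/scope settings live in
// a config object; "contoso"/"fabrikam" and the policy and scope strings are placeholders.
const APP_HOST = "portal.example.com"; // assumed base host of the application

// Constructed per-tenant configuration, keyed by the subdomain each customer uses.
const TENANT_CONFIG = {
  contoso: {
    tenantId: "contoso",
    userFlow: "B2C_1_contoso_signin", // placeholder user flow policy name
    scopes: ["contoso.read"],
  },
  fabrikam: {
    tenantId: "fabrikam",
    userFlow: "B2C_1_fabrikam_signin",
    scopes: ["fabrikam.read", "fabrikam.write"],
  },
};

// Return the tenant label from a URL, or null if the host is not exactly one DNS label
// directly under APP_HOST (so "contoso.portal.example.com.evil.net" does not match).
function parseTenantSubdomain(urlString) {
  let host;
  try {
    host = new URL(urlString).hostname.toLowerCase();
  } catch (e) {
    return null; // not a parseable URL
  }
  const suffix = "." + APP_HOST;
  if (!host.endsWith(suffix)) return null;
  const label = host.slice(0, -suffix.length);
  // Exactly one label, restricted to the characters allowed in tenant names.
  if (!/^[a-z0-9-]{1,63}$/.test(label)) return null;
  return label;
}

// Resolve the tenant configuration for a URL. Unknown or malformed tenants return null.
function resolveTenant(urlString) {
  const label = parseTenantSubdomain(urlString);
  if (label === null) return null;
  // hasOwnProperty guards against prototype keys such as "constructor" being treated as tenants.
  if (!Object.prototype.hasOwnProperty.call(TENANT_CONFIG, label)) return null;
  return TENANT_CONFIG[label];
}

// Stand-alone usage: pick the login policy and scopes for the page the user landed on.
const current = resolveTenant("https://fabrikam.portal.example.com/dashboard");
console.log(current ? `${current.userFlow} ${current.scopes.join(" ")}` : "unknown tenant");
```

The allow-list is the security-relevant part: the URL is attacker-controlled input, so the helper must only ever map it onto configuration you already hold, never build a policy name or scope string from it directly.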

To configure application API scopes, start by opening the "Server" app registration and using the "Expose an API" menu to create different scopes for each client that is allowed to send requests to the server's APIs. This is necessary to separate API Scopes and different permissions for different tenants.

Different scopes should be created based on the number of different tenants and the types of permissions different tenant apps may need. For example, if Client 2 has an Angular portal app that only needs to read data and also a .NET MVC web client that needs to both read and write data, create two different scopes for the two client applications.
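The server-side counterpart of the scopes just described, as an added example that is not from the original article: once the token-validation middleware has checked the access token's signature, issuer, audience and expiry, the API still has to confirm that the token carries the scope for the tenant and operation being requested. The scope naming (`<tenant>.read` / `<tenant>.write`), the tenant names `client1` and `client2`, and the token payloads are constructed; Entra ID delivers delegated scopes in the `scp` claim as a space-separated string.

```javascript
// Added example (not from the original article): enforcing per-tenant API scopes on the server.
// Assumptions: scopes exposed on the "Server" app registration are named "<tenant>.read" and
// "<tenant>.write", and the access token was already validated before these checks run.

// Scope the server requires for an operation on a tenant's data,
// e.g. ("client2", "write") -> "client2.write".
function requiredScope(tenantId, operation) {
  if (!/^[a-z0-9-]+$/.test(tenantId)) throw new Error("invalid tenant id");
  if (operation !== "read" && operation !== "write") throw new Error("unknown operation");
  return `${tenantId}.${operation}`;
}

// Scopes granted in a validated token payload; anything other than a string "scp" claim
// is treated as no scopes at all.
function grantedScopes(claims) {
  if (!claims || typeof claims.scp !== "string") return [];
  return claims.scp.split(" ").filter(Boolean);
}

// Allow the request only if the token carries the scope for this tenant and operation.
// A token minted for Client 2's read-only Angular app therefore cannot write Client 2 data
// or read Client 1 data, even though one server API serves every tenant.
function authorize(claims, tenantId, operation) {
  return grantedScopes(claims).includes(requiredScope(tenantId, operation));
}

// Constructed token payloads (claims only; real tokens are signed JWTs) for the two
// Client 2 applications named in the text. The azp values are placeholder client IDs.
const ANGULAR_READ_ONLY_CLAIMS = { scp: "client2.read", azp: "00000000-0000-0000-0000-000000000001" };
const MVC_READ_WRITE_CLAIMS = { scp: "client2.read client2.write", azp: "00000000-0000-0000-0000-000000000002" };

// Minimal handler shape showing where the check sits relative to the data access.
function handleWrite(claims, tenantId) {
  if (!authorize(claims, tenantId, "write")) {
    return { status: 403, body: "insufficient scope" };
  }
  return { status: 200, body: `wrote data for ${tenantId}` };
}

console.log(handleWrite(ANGULAR_READ_ONLY_CLAIMS, "client2")); // 403 for the read-only app
console.log(handleWrite(MVC_READ_WRITE_CLAIMS, "client2"));    // 200 for the read/write client
```

Keeping the tenant in the scope name is what ties the token to a single customer's data; a check that only looks for "any write scope" would let one tenant's client act on another tenant's records.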


Before setting up the Azure B2C Directory, it's essential to understand that Azure B2C uses the term "Tenant" to describe a single directory of users. To avoid confusion, we'll use the term "Directory" to refer to the Azure B2C instance and "Tenants" to refer to the application's customers who are going to be interacting with the app in question.

Tenant Creation and Management

To create an Azure AD B2C tenant, you'll need to sign in to the Azure portal and ensure you're using the Microsoft Entra tenant that contains your subscription. You can link multiple Azure AD B2C tenants to a single Azure subscription for billing purposes, but you must be an admin in the Azure AD B2C tenant and have at least a Contributor role within the Azure subscription.

You can create an Azure AD B2C tenant by following the steps outlined in the Azure portal, which involves adding Microsoft.AzureActiveDirectory as a resource provider for the Azure subscription and selecting Create a resource. An application called b2c-extensions-app is automatically created inside the new directory, and you should not modify or delete it, as it's used by Azure AD B2C for storing user data.


If you're unable to create an Azure AD B2C tenant, review your user settings page to check whether tenant creation is switched off. If it is switched off, you must be assigned at least the Tenant Creator role. You can check this by signing in to the Azure portal and navigating to Identity > Overview > Manage tenants.

Here are the steps to create a new tenant for your organization:

  • Sign in to the Azure portal
  • From the Azure portal menu, select Microsoft Entra ID
  • Navigate to Identity > Overview > Manage tenants
  • Select Create
  • On the Basics tab, select the type of tenant you want to create, either Microsoft Entra ID or Microsoft Entra ID (B2C)
  • Select Next: Configuration to move to the Configuration tab
  • On the Configuration tab, enter the following information:
      + Tenant name
      + Other required information
  • Select Next: Review + Create
  • Review the information you entered and select Create in the lower left corner

Note: For the Qualys Azure Tenant connector, the polling frequency determines when it automatically runs scans for new or deleted accounts. You can choose any period under 24 hours as the interval to auto-run the scan.

Set Up an Azure Directory

To set up an Azure directory, you'll need to create a new Azure AD B2C tenant. This can be done by signing in to the Azure portal and making sure you're using the Microsoft Entra tenant that contains your subscription.


You'll need to add Microsoft.AzureActiveDirectory as a resource provider for the Azure subscription you're using. Then, select Create a resource, search for Azure Active Directory B2C, and choose Create.

On the Create a directory page, select Review + create, and review your directory settings. Then, select Create.

Azure AD B2C directories will hold your User Flows, Custom User Policies, and connections to other identity providers that are authorized to connect with your application.

It's recommended to use one Azure Active Directory B2C Directory for your application's Production environment and one for your Non-Production environment(s).

Here's a step-by-step guide to creating an Azure AD B2C tenant:

1. Sign in to the Azure portal.

2. Make sure you're using the Microsoft Entra tenant that contains your subscription.

3. Add Microsoft.AzureActiveDirectory as a resource provider for the Azure subscription you're using.

4. Select Create a resource.

5. Search for Azure Active Directory B2C, and choose Create.

6. Select Create a new Azure AD B2C Tenant.

7. On the Create a directory page, select Review + create.

8. Review your directory settings, and then select Create.

By following these steps, you'll have successfully created an Azure AD B2C tenant and can start setting up your multi-tenant application.


Tags and Activation

You can automatically activate discovered assets for scanning by selecting the corresponding check box in the connector settings, which saves you the extra step of activating assets manually.

To enable Vulnerability Management (VM) Scanning, select the Automatically activate all assets for VM Scanning application checkbox. This will start scanning discovered assets for vulnerabilities.

Perimeter scan jobs are run automatically based on the settings defined in the Scan Settings step or in the Cloud Perimeter Scan - Global Scan Configuration.

You can also enable scanning of discovered assets in other Qualys applications, such as Policy Compliance (PC), Software Composition Analysis (SCA), and Certificate View (CertView), so that the same assets are also evaluated by those applications.

To activate assets for PC Scanning, you need to enable PC Agent and Compliance Manager first. If you're not sure how to do this, you can contact support for assistance.

Creating generic asset tags, like "Azure", is a good idea as it will help you organize your assets more efficiently. The connector can automatically apply these tags to all imported assets.


Microsoft Entra and Account Management


When you create a new Microsoft Entra tenant, you become the first user of that tenant and are automatically assigned the Global Administrator role.

As the first user, you're listed as the technical contact for the tenant, but you can change this information in the Properties section.

You can review your user account by navigating to the Users page in the Azure portal.

To create an Azure AD B2C tenant, you need to check that tenant creation isn't switched off in your user settings page. If it is switched off, you'll need to ask your Global Administrator to assign you the Tenant Creator role before you can proceed with the tenant creation steps described above.

Azure AD B2C

Azure AD B2C is the Microsoft Entra service for managing customer identities and authentication. You can create an Azure AD B2C tenant in the Azure portal.


To create an Azure AD B2C tenant, you'll need to sign in to the Azure portal and ensure you're using the correct Microsoft Entra tenant that contains your subscription. You'll also need to add Microsoft.AzureActiveDirectory as a resource provider for the Azure subscription you're using.

If you're unable to create an Azure AD B2C tenant, check your user settings page to see whether tenant creation is switched off. If it is switched off, ask your Global Administrator to assign you the Tenant Creator role.

You can link multiple Azure AD B2C tenants to a single Azure subscription for billing purposes. To link a tenant, you must be an admin in the Azure AD B2C tenant and be assigned at least a Contributor role within the Azure subscription.

When creating an Azure AD B2C directory, an application called b2c-extensions-app is automatically created inside the new directory. This application is used by Azure AD B2C for storing user data.


Microsoft Entra Users


You become the first user of a new Microsoft Entra tenant and are automatically assigned the Global Administrator role. This role gives you full control over the tenant and its users.

As the first user, you're also listed as the technical contact for the tenant. This information can be changed in the tenant's Properties section.

To add new users to your tenant, navigate to the Users page. From there, you can create a new user account.

You can also create a master user to use as your master embedding account. This kind of account is used for automating tasks and should be treated as a service account, with credentials and role assignments managed accordingly.

Here's a step-by-step guide to creating a new user account:

  1. Select the Microsoft Entra ID tab in the Azure portal.
  2. Under Manage, select Users.
  3. Under + New user, select + Create new user.
  4. Provide a Display Name and User name for your tenant Global Admin. Leave Directory role as User.
  5. Sign up for Power BI with the user account you created.

Note that you should sign up for Power BI with your user account's email address.


Ann Predovic

Lead Writer
