2

I wanted to implement a similar feature for Azure as mentioned in the AWS URL below: https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/

I want to register an external user on the fly to access the Azure portal with limited access and an expiry. Can someone help me figure out a workaround for the same?

prasoon
  • Why do you need users to access your Azure portal? Could you explain in a little more detail what you are trying to achieve? – Thomas Jun 05 '19 at 10:13
  • I am creating a lab platform for my students to perform some Azure labs. So on the fly a student comes to my lab page and he will get assigned and displayed a username/pwd to log in and access Azure. – prasoon Jun 06 '19 at 11:23

2 Answers

0

You can use RBAC (role-based access control) for this.

RBAC allows the flexibility of owning one Azure subscription managed by the administrator account (service administrator role at a subscription level) and having multiple users invited to work under the same subscription but without any administrative rights for it.

There are two common examples when RBAC is used (but not limited to):

  1. Having external users from the organizations (not part of the admin user's Azure Active Directory tenant) invited to manage certain resources or the whole subscription.

  2. Working with users inside the organization (they are part of the user's Azure Active Directory tenant) but part of different teams or groups that need granular access either to the whole subscription or to certain resource groups or resource scopes in the environment.

Follow the step-by-step instructions to grant access at a subscription level for a user outside of Azure Active Directory.

Hope this will help.

DixitArora-MSFT
  • My use case is to allow external users to access Azure resources. Just like in the case of AWS, we federate them and provide them a URL to log in. In the case of Azure, how can I give a username and password on the fly to log in and act on resources? – prasoon Jun 06 '19 at 11:21
  • For accessing the Azure portal, the user still needs to log in with credentials. – DixitArora-MSFT Jun 06 '19 at 16:31
0

For your requirement:

Consider Add Azure Active Directory B2B collaboration users in the Azure portal

In this, a user who is assigned any of the limited administrator directory roles can use the Azure portal to invite B2B collaboration users. You can invite guest users to the directory, to a group, or to an application. After you add a guest user to the directory, you can either send the guest user a direct link to a shared app, or the guest user can click the redemption URL in the invitation email.

Also consider Add Google as an identity provider for B2B guest users

By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Google accounts, without having to create Microsoft Accounts (MSAs) or Azure AD accounts.

DixitArora-MSFT
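The two answers combined, as an added Python example that is not part of either answer: it builds the Microsoft Graph request that invites a B2B guest and the Azure Resource Manager request that gives that guest the built-in Reader role on a single resource group. It assumes the lab platform records the expiry in its own ledger and deletes the assignment when the window closes; the function names, the ledger and the sample values are hypothetical.

```python
import uuid
from datetime import datetime, timedelta, timezone

GRAPH = "https://graph.microsoft.com/v1.0"
ARM = "https://management.azure.com"
READER_ROLE = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # built-in Reader role GUID

def invitation_request(email, redirect="https://portal.azure.com"):
    """Graph call that invites a B2B guest; the response carries invitedUser.id."""
    return {"method": "POST", "url": f"{GRAPH}/invitations",
            "json": {"invitedUserEmailAddress": email,
                     "inviteRedirectUrl": redirect,
                     "sendInvitationMessage": True}}

def role_assignment_request(sub_id, resource_group, principal_id, role=READER_ROLE):
    """ARM call granting `role` on ONE resource group, not the whole subscription."""
    scope = f"/subscriptions/{sub_id}/resourceGroups/{resource_group}"
    name = str(uuid.uuid4())  # role assignment names are GUIDs
    return {"method": "PUT",
            "url": f"{ARM}{scope}/providers/Microsoft.Authorization"
                   f"/roleAssignments/{name}?api-version=2022-04-01",
            "json": {"properties": {
                "roleDefinitionId": f"/subscriptions/{sub_id}/providers"
                                    f"/Microsoft.Authorization/roleDefinitions/{role}",
                "principalId": principal_id,
                "principalType": "User"}}}

def grant_lab_access(ledger, sub_id, resource_group, principal_id, hours, now):
    """Build the assignment and record when the platform must delete it (assumed ledger)."""
    req = role_assignment_request(sub_id, resource_group, principal_id)
    ledger.append({"delete_url": req["url"], "principal": principal_id,
                   "expires": now + timedelta(hours=hours)})
    return req

def expired_deletes(ledger, now):
    """DELETE requests for every assignment whose lab window has closed."""
    return [{"method": "DELETE", "url": e["delete_url"]}
            for e in ledger if e["expires"] <= now]

if __name__ == "__main__":
    # Constructed sample values, not real tenant data.
    now = datetime.now(timezone.utc)
    ledger = []
    print(invitation_request("student@example.com"))
    print(grant_lab_access(ledger, "00000000-0000-0000-0000-000000000000",
                           "lab-rg-01", "11111111-1111-1111-1111-111111111111", 2, now))
    print(expired_deletes(ledger, now + timedelta(hours=3)))
```

Sending these requests needs one access token for Microsoft Graph and one for Azure Resource Manager, and the `principal_id` is the `invitedUser.id` value returned by the invitation call.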