Introduction
What is Azure Entra ID?
Azure Entra ID, originally known as Azure Active Directory (Azure AD), is a cloud-based identity and access management service provided by Microsoft. It makes controlling user identities and granting access to cloud-based resources, services, and apps efficient and secure. To help businesses enhance security and expedite user management in both on-premises and cloud environments, Azure Entra ID enables role-based access control, multifactor authentication, and single sign-on (SSO).
Now that we know what Entra ID is, let's set one up!
Prerequisites
Credit card for billing (if you're opening the Azure portal account for the first time)
Steps
Step 1: Create a Domain Name
i. Create a domain name with a domain name provider. Something simple and cheap. Below is my domain name which I created with Namecheap.
Step 2: Create an Email Address.
i. Create an email address for the purpose of this task, whether or not you have created an Azure portal account before. A Hotmail, Outlook or Gmail address will do. For the purpose of this task, I created a new Hotmail account, so you can do the same.
Step 3: Create an Azure Cloud Account.
i. Create an Azure cloud account with this link. You can get 200 free credits if you are creating the Azure account for the first time; otherwise you will have to use the pay-as-you-go model to set up your subscription.
Step 4: Create a DNS Zone
i. In the Azure portal you just created, search for DNS Zone, and click on Create or Create DNS zone. Either one will work.
A DNS zone is a resource that contains the DNS records for a specific domain, allowing you to manage the domain's DNS settings such as IP addresses and mail exchange servers.
ii. Under Project details, in Subscription, pick the subscription that is there by default. In Resource group, click on create new and put a name of your choice.
Under Instance details, in Name, put the domain name you created in step 1. In Resource group location I picked Canada East. Then click Review + create.
iii. You should see a page like this if you do everything properly. Click Create.
iv. You should see the image below.
v. Click on go to resources and see your DNS servers. I circled it for you to see.
Step 5: Configure Nameservers on NameCheap
i. If you used Namecheap as your domain provider, navigate to the Domain List on your left, and click on Manage on your right.
ii. Scroll down and you will see the nameservers section. Click the dropdown circled and pick Custom DNS.
iii. From step 4, number v, copy all the nameservers circled and paste them on the Namecheap nameserver lines, and press the green tick just above it to have them all saved.
Step 6: Create a Custom Domain
i. On a new tab, open the Entra ID link. Still, leave the Azure portal tab open as we will need it later.
ii. In the Entra ID, on the left side, navigate to identity >> settings >> domain names. Click on Add custom domain.
iii. Add the domain name you created in this project and click Add domain.
iv. Click on verify just below.
v. Back in your Azure portal, click on Record set.
vi. Copy the '@' in the Alias or hostname from the Entra ID tab and paste it in the Azure portal tab's Add record set name section.
vii. In the Entra ID, the record type is 'TXT'; pick it from the drop-down in the Azure portal.
viii. The TTL in the Entra ID is 3600 seconds, which is equivalent to 1 hour, so pick 1 hour in the Azure portal.
ix. Copy the value under the Destination or points to address in Entra ID and paste it under value in the Azure portal. Click OK to create the record set.
x. You will see the record created just like the one below.
xi. Go back to the Entra ID tab, and navigate to the custom domain names. We want to make the custom domain we created the primary domain. It is presently not the primary domain, as the default one given to us by Azure is the primary domain.
xii. Click on your domain name and tick the place that says make primary. Whatever prompt you see, click 'Yes'.
xiii. If you go back to your custom domain and refresh the page, you will see that your custom domain is now the primary domain.
Step 7: Create single and bulk Users in Entra ID
i. Navigate to identity >> Users >> all users, click on create user drop down, and then click on create new user.
ii. Input the name you want in the User principal name and Display name fields. You can use the auto-generated password, or untick it and create your own. Click Review + Create and then click on Create. Refresh your page and you will see your newly created user.
iii. To create the bulk users using the company's domain name, click on bulk operations dropdown and click bulk create.
iv. Click on 'download' to download the spreadsheet, and populate it with data.
v. It should look like what is below. Under the user name, let the part after the '@' be your domain name. Populate everything with names of your choice and then download the spreadsheet as a CSV file. The passwords can be changed by the users after they use their credentials to log in. They do not need to keep the same passwords afterwards.
vi. Go back to the Entra ID page and then upload the downloaded file and then click submit.
vii. Refresh the page and you will see all the users from the uploaded spreadsheet just like mine below.
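A check worth running on the populated CSV before uploading it in step 7. This is an added example, not part of the original tutorial: it flags user names outside your custom domain, duplicate or malformed user names, and initial passwords that are short or shared between rows. The column layout, the example-corp.test domain, the sample rows and the 12-character minimum are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample. The layout (a version row, then a header row whose cells
# carry the attribute name in brackets) is an assumption about the template.
SAMPLE_CSV = """\
version:v1.0
Name [displayName] Required,User name [userPrincipalName] Required,Initial password [passwordProfile] Required,Block sign in (Yes/No) [accountEnabled] Required
Ada Obi,ada@example-corp.test,Welcome123!,No
Ben Cole,ben@example-corp.test,Welcome123!,No
Cy Dunn,cy@examplecorp.test,k7#Tq9vLm2xR,No
Ada Two,ADA@example-corp.test,p4$Zw8nHc1yB,No
Dee Eze,dee-at-example-corp.test,r2!Gd6sJf5uK,No
"""


def validate_bulk_users(csv_text, domain, min_len=12):
    """Return (line_number, problem) pairs, in row order, for a bulk CSV."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if len(rows) < 2 or not rows[0] or not rows[0][0].startswith("version:"):
        return [(1, "missing version or header row")]
    # Find columns by the bracketed attribute name, not by position.
    index = {h[h.find("[") + 1:h.find("]")]: i for i, h in enumerate(rows[1])}
    if not {"userPrincipalName", "passwordProfile"} <= index.keys():
        return [(2, "header lacks userPrincipalName or passwordProfile")]
    upn_i, pw_i = index["userPrincipalName"], index["passwordProfile"]
    width = max(upn_i, pw_i) + 1
    users = [(n, r + [""] * (width - len(r)))
             for n, r in enumerate(rows[2:], start=3) if any(r)]
    shared = Counter(r[pw_i] for _, r in users)
    seen, problems = set(), []
    for n, r in users:
        upn, pw = r[upn_i].strip().lower(), r[pw_i]
        local, at, host = upn.partition("@")
        if not (local and at and host) or "@" in host:
            problems.append((n, "malformed UPN"))
        elif host != domain.lower():
            problems.append((n, "UPN outside custom domain"))
        elif upn in seen:
            problems.append((n, "duplicate UPN"))
        seen.add(upn)
        if len(pw) < min_len:  # assumed local policy, not an Entra ID rule
            problems.append((n, "initial password too short"))
        if shared[pw] > 1:
            problems.append((n, "initial password shared between users"))
    return problems
```

Call validate_bulk_users with the file's text and your own domain; an empty list means none of these checks fired.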
Step 8: Assigning Roles and Groups.
i. Click on the user you want to assign a role to. We will be assigning an administrative (admin) role in this project. After clicking on the user, click on Assigned roles and then Add assignments.
ii. Assign Global Administrator if you want the person to be in charge of the Azure account and accountable for everything that happens in it. It is not a role to hand out casually. You can read the permissions the person has, which I highlighted. Then go ahead and click Add.
iii. Click on audit logs to see a list of activities happening in the administrative user's account.
iv. Go back to your users and then on the left side, navigate to identity >> groups >> All groups and then click on New group.
v. Populate the fields with what you want, as I did with mine below. Click on No owners selected and pick a user of your choice, then click on No members selected and select the users to be members of that group. Under No owners selected, you are choosing who will be in charge of the group you've created. Click Create. Refresh your page and you will see the group you created. Click on it and see an overview of all you did.
vi. This is what yours should look like when you are done creating the group and assigning owner and members to the group. Click on the group created. I have a total of 6 members and one owner. I added the owner as a member so they can have member privileges too.
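The audit log from step 8 can also be reviewed in bulk rather than by eye. The following is an added example, not part of the original tutorial: it scans exported audit records for successful Global Administrator assignments and marks any recipient who is not on a list of expected holders. The field names follow the Microsoft Graph directoryAudit resource; the sample records, the example-corp.test domain and the exact shape of an export are assumptions.

```python
SENSITIVE_ROLE = "Global Administrator"  # the role assigned in step 8


def _rec(when, activity, result, actor, target, role=None):
    """Build one constructed record with directoryAudit-style field names."""
    props = ([{"displayName": "Role.DisplayName", "newValue": f'"{role}"'}]
             if role else [])
    return {"activityDateTime": when, "activityDisplayName": activity,
            "result": result,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"type": "User", "userPrincipalName": target,
                                 "modifiedProperties": props}]}


D = "@example-corp.test"  # constructed domain
ADD_ROLE = "Add member to role"
SAMPLE_AUDIT = [  # constructed events, not real log data
    _rec("2024-05-01T09:00:00Z", "Add user", "success", "ada" + D, "ben" + D),
    _rec("2024-05-01T09:05:00Z", ADD_ROLE, "success", "ada" + D, "ben" + D,
         "Global Administrator"),
    _rec("2024-05-01T09:06:00Z", ADD_ROLE, "success", "ada" + D, "cy" + D,
         "User Administrator"),
    _rec("2024-05-01T09:07:00Z", ADD_ROLE, "failure", "ben" + D, "dee" + D,
         "Global Administrator"),
    _rec("2024-05-01T09:30:00Z", ADD_ROLE, "success", "ben" + D, "dee" + D,
         "Global Administrator"),
]


def global_admin_grants(records, expected_holders):
    """Return (time, actor, target, expected) for each successful grant."""
    expected = {u.lower() for u in expected_holders}
    found = []
    for rec in records:
        if rec.get("activityDisplayName") != ADD_ROLE:
            continue
        if rec.get("result") != "success":
            continue  # failed attempts are not grants
        actor = ((rec.get("initiatedBy") or {}).get("user") or {}).get(
            "userPrincipalName", "unknown")
        for target in rec.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                role = (prop.get("newValue") or "").strip('"')
                if prop.get("displayName") == "Role.DisplayName" and role == SENSITIVE_ROLE:
                    upn = target.get("userPrincipalName") or "unknown"
                    found.append((rec.get("activityDateTime"), actor, upn,
                                  upn.lower() in expected))
    return found
```

Rows whose last field is False are grants to accounts you did not expect to hold the role and are the ones to follow up on.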
Conclusion
To sum this up, this tutorial offered a comprehensive method for configuring and overseeing Azure Entra ID, encompassing the creation of domain names, email addresses, and DNS zones, in addition to setting up custom domains and handling users, roles, and groups. You can set up a safe and effective identity management system for your cloud environment by following these steps. With Azure Entra ID, you can improve security and streamline user management for both on-premises and cloud services.
Top comments (4)
Very detailed. I love this
Thank you so much.
Great Job!
This is really comprehensive Ada!!
Thank you so much
It's my absolute pleasure.