Seun Okegbola

A Beginner’s Look into Azure Active Directory (Microsoft Entra ID) and Roles with a Simple Exercise

First of all, what is Active Directory?

Active Directory is a service that was previewed by Microsoft in 1999 and has been in use since the Windows Server 2000 edition. It is a Windows domain services tool that helps organisations set permissions and create groups for the users and assets in their environment. Active Directory works on premises with the domain controller.

This service is also available in the cloud; in Microsoft Azure it is known as Azure Active Directory (Azure AD) or, by its new name, Microsoft Entra ID. It is an identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments.

In Azure, permissions and access are granted through roles, which are assigned using either:

  • Azure Active Directory (Azure AD) Roles: Azure AD is an identity and access management service that enables user and device authentication and authorization across Azure and other integrated applications. Azure AD roles control access to Azure AD resources such as users, groups, and applications.
  • Azure Roles (or Role-Based Access Control, RBAC): a widely used access control model that allows administrators to assign specific roles to Azure users, groups, or service principals.

Azure Roles is responsible for the access to Azure resources while Azure AD Roles controls access to resources in Azure AD (Microsoft Entra ID). These roles have their different purposes, scopes and types of roles you can assign. Below is a table highlighting the differences between Azure Active Directory Roles (Azure AD) and Azure Roles.

[Table: differences between Azure AD roles and Azure roles (image not reproduced)]

Practical Exercise

Hagital Consulting Ltd has decided to streamline its identity management process by utilizing Microsoft Entra ID (Azure Active Directory) to manage its cloud-based identities.

  • Create the Administrative Department and add two users (Grace Peters and Ahmed Johnson) to it.
  • Assign the Global Administrator role to User A (Grace Peters).
  • Show all the steps it took the Global Admin to log in to the Azure Portal with Grace Peters' new credentials.
  • Let the Global Administrator (Grace Peters) create/onboard a new member (Steven Kalu) to the Admin Department.

Let’s go ahead with the exercise.

Prerequisite

First, log in to your Microsoft Azure Portal by going to https://portal.azure.com.

If you do not have an Azure account, sign up and create one for free with this link: https://azure.microsoft.com/en-us/free/. Registration requires a phone number and debit or credit card details to validate your account, even for the free account. You have a choice between the free and the pay-as-you-go account.

Practical Begins

Step 1: Search for Microsoft Entra ID in the search bar at the top of your portal page and Select Microsoft Entra ID.

You are now in the Default Directory| Overview page.

  • Click Groups under the Manage drop-down menu at the left-hand side of the portal.

  • Click New group.

Step 2: In the New Group menu, create the Administrative Department.

  • Group type: Select Security.
  • Group name: Type Administrative Department
  • Group description: Give a description of the group or you can leave it as is.
  • Membership type: Leave as is.

  • Members: Click on No members selected

  • The Add members menu pops up. Click Users underneath the search bar.

Select the two new members of this group; in this case we are picking Grace and Ahmed Johnson. Then click Select at the bottom left of the window.

  • You are back on the New Group page. Click Create at the bottom left of the page.
  • Back at the Groups| All groups page, click Refresh. Your newly created Administrative Department will show up in the list of groups found.

Step 2: Assigning the Global Administrator role to a member of the created group. We will be giving Grace this role and appointing her as Head of the Admin.

  • Click on Default Directory|Groups to get back to the Default Directory page.

  • Click on Users under the Manage dropdown menu at the left-hand side of the page.

  • In the Users page click Grace.

  • Grace's User page is now open. In the menu at the left-hand side of the page, click on Manage, and in its dropdown menu click on Assigned roles.

  • In the Grace|Assigned roles page click on Add assignments.

  • The Directory roles window opens. In the search bar type Global Administrator, select it when it appears and click Add at the bottom of the window.

  • Click on Refresh once you are back on the Grace|Assigned roles page. The role will now appear in the list of Administrative roles she has been given.

Sign into Grace’s Azure Portal

Step 1: Open another browser, or your current browser in Incognito or InPrivate mode, depending on the browser you are using.

  • Log in to Azure using Grace’s credentials.
  • Copy Grace's User Principal Name (UPN) to log in to Azure.

  • Paste it into the Sign in field.

  • Enter the password you gave to the account, or the autogenerated password you copied, and click Sign In.

  • Grace will be prompted to Update your password at her first sign-in. Change the password and click Sign in.

  • An Action Required prompt will show on screen. For this exercise we will be clicking Ask Later.
  • When the Stay signed in? prompt comes up, click Yes.

You are now logged in to Grace’s user account.

Create/onboard a new member into the Administrative Department with Grace, who we have given the role of Global Administrator.

Step 2: Click Microsoft Entra ID to go into the Default Directory|Overview page.

  • Click on Add.
  • In the menu that appears, hover your mouse over User, then click on Create new user.

Step 3: In the Create new user page we start with the Basic tab.

  • User principal name: Enter the user’s name
  • Mail nickname: Leave the check box ticked beside the Derive from user principal name
  • Display name: Enter a name
  • Password: You can leave the Auto-generate password ticked but copy the password somewhere you can easily find it or uncheck the box and type in the password yourself.

  • Click Next: Properties at the bottom of the portal to move to the next tab.

Step 3: We move to the next tab, Properties.

  • We start with Identity.
  • First name: Enter Steven
  • Last name: Enter Kalu
  • User type: Leave it as Member.

  • Job Information: We will fill in a few other details.
      1. Job title: Admin Officer
      2. Company name: Hagital Consulting Ltd
      3. Department: Administrative
  • Leave everything else as it was and click Next: Assignments at the bottom of the page.

Step 4: In the Assignments tab, we will be adding Steven Kalu to the Administrative Department.

  • Click Add group

  • In the new Select group window, look for the Administrative Department we created and click its check box.

  • Once done, click Select at the bottom of the page.
  • Click Next: Review + create
  • Click Create

You have successfully created a user from Grace Peters’ portal. You can view the account you just created, Steven Kalu, by going to Default Directory| Overview and clicking Users under Manage. You will be able to see it both in the account you started this exercise with and in Grace Peters’ account.
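
The same exercise can be scripted instead of clicked through. The following is an added example, not part of the original post, using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that Grace's and Ahmed's accounts already exist, and that the domain, UPNs and mail nicknames are placeholders; it runs in one admin session rather than switching to Grace's sign-in.

```powershell
# Added example: the portal exercise scripted with Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph module installed; domain, UPNs and nicknames are placeholders.
$ErrorActionPreference = "Stop"
$Domain = "<your-tenant>.onmicrosoft.com"   # placeholder: replace with your tenant's domain

# Sign in interactively with an account allowed to manage users, groups and roles.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "RoleManagement.ReadWrite.Directory"

# Create the Administrative Department as a security group (Group type: Security).
$group = New-MgGroup -DisplayName "Administrative Department" `
    -MailNickname "administrative-department" -MailEnabled:$false -SecurityEnabled

# Add Grace Peters and Ahmed Johnson as members.
$grace = Get-MgUser -UserId "grace.peters@$Domain"
$ahmed = Get-MgUser -UserId "ahmed.johnson@$Domain"
foreach ($user in $grace, $ahmed) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
}

# Assign Global Administrator to Grace at tenant scope ("/").
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $grace.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId "/" | Out-Null

# Onboard Steven Kalu with a temporary password that must be changed at first sign-in.
$secure = Read-Host "Temporary password for Steven Kalu" -AsSecureString
$plain  = [System.Net.NetworkCredential]::new("", $secure).Password
$steven = New-MgUser -UserPrincipalName "steven.kalu@$Domain" -MailNickname "steven.kalu" `
    -DisplayName "Steven Kalu" -GivenName "Steven" -Surname "Kalu" -UserType "Member" `
    -JobTitle "Admin Officer" -CompanyName "Hagital Consulting Ltd" -Department "Administrative" `
    -AccountEnabled -PasswordProfile @{ Password = $plain; ForceChangePasswordNextSignIn = $true }
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $steven.Id

# Check 1: the group should now list Grace, Ahmed and Steven.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties["userPrincipalName"] }

# Check 2: list every principal that currently holds Global Administrator.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" -All |
    ForEach-Object { (Get-MgDirectoryObject -DirectoryObjectId $_.PrincipalId).AdditionalProperties["displayName"] }
```

The second check is worth rerunning whenever an assignment like Grace's is made, since Global Administrator has full control of the tenant and every name on that list should be expected.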

In summary, Azure Active Directory (Azure AD) Roles and Azure Roles are important parts of access management in Azure’s ecosystem. As the simple exercise above shows, they can help an organisation securely and efficiently manage its users/staff and grant access and privileges that mirror their roles in the organisation.