articles/active-directory/manage-apps/migrate-application-authentication-to-azure-active-directory.md
Lines changed: 15 additions & 14 deletions
@@ -40,9 +40,9 @@ To ensure that the users can easily and securely access applications, your goal
40
40
41
41
[Azure Active Directory (Azure AD)](../fundamentals/active-directory-whatis.md) offers a universal identity platform that provides your people, partners, and customers a single identity to access the applications they want and collaborate from any platform and device.
42
42
43
-

43
+

44
44
45
-
Azure AD has a [full suite of identity management capabilities](../fundamentals/active-directory-whatis.md#which-features-work-in-azure-ad). Standardizing your app authentication and authorization to Azure AD enables you get the benefits these capabilities provide.
45
+
Azure AD has a [full suite of identity management capabilities](../fundamentals/active-directory-whatis.md#which-features-work-in-azure-ad). Standardizing your app authentication and authorization to Azure AD gets you the benefits that these capabilities provide.
46
46
47
47
You can find more migration resources at [https://aka.ms/migrateapps](./migration-resources.md)
48
48
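Review bot: In the unchanged migration resources line, the link text is the URL https://aka.ms/migrateapps while the target is the relative file ./migration-resources.md, so what the reader sees is not where the link goes. Use descriptive link text or make the text and target agree. The removed and added image lines also render identically here, which suggests a whitespace-only change; confirm that is intended.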
@@ -61,18 +61,18 @@ Safeguarding your apps requires that you have a full view of all the risk factor
61
61
62
62
### Manage cost
63
63
64
-
Your organization may have multiple Identity Access Management (IAM) solutions in place. Migrating to one Azure AD infrastructure is an opportunity to reduce dependencies on IAM licenses (on-premises or in the cloud) and infrastructure costs. In cases where you may have already paid for Azure AD via Microsoft 365 licenses, there is no reason to pay the added cost of another IAM solution.
64
+
Your organization may have multiple Identity Access Management (IAM) solutions in place. Migrating to one Azure AD infrastructure is an opportunity to reduce dependencies on IAM licenses (on-premises or in the cloud) and infrastructure costs. In cases where you may have already paid for Azure AD via Microsoft 365 licenses, there's no reason to pay the added cost of another IAM solution.
65
65
66
66
With Azure AD, you can reduce infrastructure costs by:
67
67
68
68
- Providing secure remote access to on-premises apps using [Azure AD Application Proxy](../app-proxy/application-proxy.md).
69
-
- Decoupling apps from the on-prem credential approach in your tenant by [setting up Azure AD as the trusted universal identity provider](../hybrid/plan-connect-user-signin.md#choosing-the-user-sign-in-method-for-your-organization).
69
+
- Decoupling apps from the on-premises credential approach in your tenant by [setting up Azure AD as the trusted universal identity provider](../hybrid/plan-connect-user-signin.md#choosing-the-user-sign-in-method-for-your-organization).
70
70
71
71
### Increase productivity
72
72
73
73
Economics and security benefits drive organizations to adopt Azure AD, but full adoption and compliance are more likely if users benefit too. With Azure AD, you can:
74
74
75
-
- Improve end-user [Single Sign-On (SSO)](./what-is-single-sign-on.md) experience through seamless and secure access to any application, from any device and any location.
75
+
- Improve end-user [single sign-on (SSO)](./what-is-single-sign-on.md) experience through seamless and secure access to any application, from any device and any location.
76
76
- Use self-service IAM capabilities, such as [Self-Service Password Resets](../authentication/concept-sspr-howitworks.md) and [SelfService Group Management](../enterprise-users/groups-self-service-management.md).
77
77
- Reduce administrative overhead by managing only a single identity for each user across cloud and on-premises environments:
78
78
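Review bot: The self-service bullet left as context still reads "SelfService Group Management" next to "Self-Service Password Resets"; since this hunk is normalizing terms (on-premises, single sign-on), hyphenate it in the same pass. The added Manage cost line also keeps "Identity Access Management (IAM)", which is normally written "Identity and Access Management".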
@@ -84,11 +84,11 @@ Economics and security benefits drive organizations to adopt Azure AD, but full
84
84
85
85
### Address compliance and governance
86
86
87
-
Ensure compliance with regulatory requirements by enforcing corporate access policies and monitoring user access to applications and associated data using integrated audit tools and APIs. With Azure AD, you can monitor application sign-ins through reports that use [Security Incident and Event Monitoring (SIEM) tools](../reports-monitoring/plan-monitoring-and-reporting.md). You can access the reports from the portal or APIs, and programmatically audit who has access to your applications and remove access to inactive users via access reviews.
87
+
To comply with regulatory requirements, enforce corporate access policies and monitor user access to applications and associated data using integrated audit tools and APIs. With Azure AD, you can monitor application sign-ins through reports that use [Security Incident and Event Monitoring (SIEM) tools](../reports-monitoring/plan-monitoring-and-reporting.md). You can access the reports from the portal or APIs, and programmatically audit who has access to your applications and remove access to inactive users via access reviews.
88
88
89
89
## Plan your migration phases and project strategy
90
90
91
-
When technology projects fail, it is often due to mismatched expectations, the right stakeholders not being involved, or a lack of communication. Ensure your success by planning the project itself.
91
+
When technology projects fail, it's often due to mismatched expectations, the right stakeholders not being involved, or a lack of communication. Ensure your success by planning the project itself.
92
92
93
93
### The phases of migration
94
94
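Review bot: The added compliance line still expands SIEM as "Security Incident and Event Monitoring"; the standard expansion is "Security Information and Event Management", so correct it while the sentence is being rewritten. In the same line, "remove access to inactive users" reads as if something is given to them; "remove access for inactive users" is clearer.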
@@ -107,7 +107,7 @@ The following table includes the key roles and their contributions:
|**Project Manager**| Project coach accountable for guiding the project, including:<br /> - gain executive support<br /> - bring in stakeholders<br /> - manage schedules, documentation, and communications |
110
-
|**Identity Architect / Azure AD App Administrator**| They are responsible for the following:<br /> - design the solution in cooperation with stakeholders<br /> - document the solution design and operational procedures for handoff to the operations team<br /> - manage the pre-production and production environments |
110
+
|**Identity Architect / Azure AD App Administrator**| They're responsible for the following:<br /> - design the solution in cooperation with stakeholders<br /> - document the solution design and operational procedures for handoff to the operations team<br /> - manage the pre-production and production environments |
111
111
|**On premises AD operations team**| The organization that manages the different on-premises identity sources such as AD forests, LDAP directories, HR systems etc.<br /> - perform any remediation tasks needed before synchronizing<br /> - Provide the service accounts required for synchronization<br /> - provide access to configure federation to Azure AD |
112
112
|**IT Support Manager**| A representative from the IT support organization who can provide input on the supportability of this change from a helpdesk perspective. |
113
113
|**Security Owner**| A representative from the security team that can ensure that the plan will meet the security requirements of your organization. |
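Review bot: The rows around the changed Identity Architect line are inconsistent: the next row is titled "On premises AD operations team" without the hyphen this file uses elsewhere, and its task list mixes "perform", "Provide" and "provide". Hyphenate the role name and pick one capitalization for the list items across all rows.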
@@ -117,11 +117,11 @@ The following table includes the key roles and their contributions:
117
117
118
118
### Plan communications
119
119
120
-
Effective business engagement and communication is the key to success. It is important to give stakeholders and end-users an avenue to get information and keep informed of schedule updates. Educate everyone about the value of the migration, what the expected timelines are, and how to plan for any temporary business disruption. Use multiple avenues such as briefing sessions, emails, one-to-one meetings, banners, and townhalls.
120
+
Effective business engagement and communication are the keys to success. It's important to give stakeholders and end-users an avenue to get information and keep informed of schedule updates. Educate everyone about the value of the migration, what the expected timelines are, and how to plan for any temporary business disruption. Use multiple avenues such as briefing sessions, emails, one-to-one meetings, banners, and townhalls.
121
121
122
122
Based on the communication strategy that you have chosen for the app you may want to remind users of the pending downtime. You should also verify that there are no recent changes or business impacts that would require to postpone the deployment.
123
123
124
-
In the following table you will find the minimum suggested communication to keep your stakeholders informed:
124
+
In the following table you'll find the minimum suggested communication to keep your stakeholders informed:
125
125
126
126
#### Plan phases and project strategy
127
127
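Review bot: The context sentence between the two changed lines, "would require to postpone the deployment", is missing its object and was left untouched; suggest "that would require you to postpone the deployment". The same sentence also needs a comma after "for the app".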
@@ -168,7 +168,7 @@ The migration states you might consider using are as follows:
168
168
|**Configuration in Progress**| Develop the changes necessary to manage authentication against Azure AD |
169
169
|**Test Configuration Successful**| Evaluate the changes and authenticate the app against the test Azure AD tenant in the test environment |
170
170
|**Production Configuration Successful**| Change the configurations to work against the production AD tenant and assess the app authentication in the test environment |
171
-
|**Complete / Sign Off**| Deploy the changes for the app to the production environment and execute the against the production Azure AD tenant |
171
+
|**Complete / Sign Off**| Deploy the changes for the app to the production environment and execute against the production Azure AD tenant |
172
172
173
173
This will ensure app owners know what the app migration and testing schedule are when their apps are up for migration, and what the results are from other apps that have already been migrated. You might also consider providing links to your bug tracker database for owners to be able to file and view issues for apps that are being migrated.
174
174
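Review bot: In the added Complete / Sign Off row, "execute against the production Azure AD tenant" still has no object, so the row does not say what is executed; name it, for example the authentication tests. The Production Configuration Successful row above it says "production AD tenant" and assesses authentication "in the test environment", so check that the tenant name and the environment are what the author means.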
@@ -262,8 +262,9 @@ You usually develop LoB apps for your organization’s in-house use. If you have
262
262
263
263
Apps without clear owners and clear maintenance and monitoring present a security risk for your organization. Consider deprecating applications when:
264
264
265
-
- Their **functionality is highly redundant** with other systems • there is **no business owner**
266
-
- There is clearly **no usage**.
265
+
- Their **functionality is highly redundant** with other systems
266
+
- There is **no business owner**
267
+
- There is clearly **no usage**
267
268
268
269
We recommend that you **do not deprecate high impact, business-critical applications**. In those cases, work with business owners to determine the right strategy.
269
270
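Review bot: The three added bullets are not parallel (the first starts with "Their functionality", the other two with "There is"), and the lead-in does not say whether one criterion or all three should hold before an app is deprecated. Since unowned apps are called out as a security risk, state "any of the following" or "all of the following" explicitly, and hyphenate "high-impact" in the recommendation that follows.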
@@ -352,7 +353,7 @@ Don’t forget about your external partners. Make sure that they participate in
352
353
353
354
### Plan for limitations
354
355
355
-
While some apps are easy to migrate, others may take longer due to multiple servers or instances. For example, SharePoint migration may take longer due to custom signin pages.
356
+
While some apps are easy to migrate, others may take longer due to multiple servers or instances. For example, SharePoint migration may take longer due to custom sign-in pages.
356
357
357
358
Many SaaS app vendors charge for changing the SSO connection. Check with them and plan for this.
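Review bot: In the added line, the SharePoint example gives custom sign-in pages as the cause of a longer migration, while the sentence before it attributes longer migrations to multiple servers or instances, so the example does not illustrate the stated reason. Either add customization to the list of reasons or choose an example that matches it.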
1. Under the **Admin Credentials** section, click on **Authorize**. You will be redirected to **Facebook Work Accounts**'s authorization page. Input your Facebook Work Accounts username and click on the **Continue** button. Click **Test Connection** to ensure Azure AD can connect to Facebook Work Accounts. If the connection fails, ensure your Facebook Work Accounts account has Admin permissions and try again.
:::image type="content" source="media/facebook-work-accounts-provisioning-tutorial/azure-connect.png" alt-text="Screenshot shows the Facebook Work Accounts authorization page.":::
79
71
80
72
1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Facebook Work Accounts**.
@@ -114,7 +104,7 @@ This section guides you through the steps to configure the Azure AD provisioning
114
104
115
105
1. Define the users and/or groups that you would like to provision to Facebook Work Accounts by choosing the desired values in **Scope** in the **Settings** section.
articles/active-directory/saas-apps/netpresenter-provisioning-tutorial.md
Lines changed: 9 additions & 19 deletions
@@ -47,17 +47,17 @@ The scenario outlined in this tutorial assumes that you already have the followi
47
47
1. Click on the **Generate Token** button.
48
48
1. Save the **SCIM Endpoint URL** and **Token** at a secure place, you'll need it in the **Step 5**.
49
49
50
-

50
+

51
51
52
-
1.**Optional:** Under **Sign in options**, 'Force sign in with Microsoft' can be enabled or disabled. By enabling it, users with an Azure AD account will lose the ability to sign in with their local account.
52
+
1.**Optional:** Under **Sign in options**, you can enable or disable 'Force sign in with Microsoft'. If enabled, users with an Azure AD account will lose the ability to sign in with their local account.
53
53
54
54
## Step 3. Add Netpresenter Next from the Azure AD application gallery
55
55
56
-
Add Netpresenter Next from the Azure AD application gallery to start managing provisioning to Netpresenter Next. If you have previously setup Netpresenter Next for SSO, you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
56
+
Add Netpresenter Next from the Azure AD application gallery to start managing provisioning to Netpresenter Next. If you have previously setup Netpresenter Next for SSO, you can use the same application. However it's recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
57
57
58
-
## Step 4. Define who will be in scope for provisioning
58
+
## Step 4. Define who will be in scope for provisioning
59
59
60
-
The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
60
+
The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
61
61
62
62
* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
63
63
* If you need additional roles, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add new roles.
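Review bot: The added Optional step begins "1.**Optional:**" with no space after the list marker, so Markdown will not render it as a numbered item; add the space. Because enabling 'Force sign in with Microsoft' removes local sign-in for users with an Azure AD account, the step should also say whether administrator accounts are affected. Minor: "setup" should be "set up" in the Step 3 line, and "and or" should be "and/or" in the Step 4 line.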
@@ -70,28 +70,18 @@ This section guides you through the steps to configure the Azure AD provisioning
70
70
71
71
1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
1. Under the **Admin Credentials** section, input your Netpresenter Next Tenant URL and Secret Token. Click **Test Connection** to ensure Azure AD can connect to Netpresenter Next. If the connection fails, ensure your Netpresenter Next account has Admin permissions and try again.

90
82
91
83
1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
1. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Netpresenter Next**.
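Review bot: The Admin Credentials step asks for the "Tenant URL and Secret Token", but Step 2 told the reader to save the "SCIM Endpoint URL" and "Token"; use the same names for the same two values, or say which maps to which. The troubleshooting hint "ensure your Netpresenter Next account has Admin permissions" also does not match a token-based connection, so point the reader to regenerating or re-checking the token instead.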
@@ -115,11 +105,11 @@ This section guides you through the steps to configure the Azure AD provisioning
115
105
116
106
1. Define the users and/or groups that you would like to provision to Netpresenter Next by choosing the desired values in **Scope** in the **Settings** section.

119
109
120
-
1. When you'r ready to provision, click **Save**.
110
+
1. When you're ready to provision, click **Save**.
121
111
122
-
This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
112
+
This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.