Azure Active Directory applications can be used to integrate with external applications. A good example is the social media accounts used by companies, where one or more users need to manage them. In this tutorial we are going over a simple deployment using Twitter.
The first step of the integration is to install the application in your Azure Active Directory. In this Tutorial we have the APatricio directory that is being synchronized with Azure Active Directory.
Once logged on to the Azure Portal, click on Directory Services, select the desired directory (in our case APatricio), and then click on Applications.
In the new page, click on Add an application from the gallery.
In the new page, select the application that you are planning to integrate. For this tutorial we are going to select Twitter. Then click on the OK icon located at the bottom right corner of the window.
Now that we have the application installed, we will click on the first option, which is Configure Single sign-on.
For this tutorial we are going to use the easier method, which is Password Single Sign-On, where the credential for the service account will be stored in Azure Active Directory. We also have the option to use Existing Single Sign-On, which will use Federation Services (that is a topic for a future tutorial).
Assigning users to the Application…
The second option is to assign users, and we can do that at any time. We just need to make sure that we have the Twitter application selected, and then we can select the desired user (in our case Paulo Nunes, who was one of the best soccer players in my team Gremio in the early 90’s) and then click on Assign.
In the new page we can leave the default settings, which will publish the application to the user; however, when he clicks on it, the credential for the service must be provided, but only the first time.
The second option, and my favourite, especially for corporate social media accounts, is to select I want to enter Twitter credentials on behalf of the user and define the username and password used to access the service (in our case Twitter). Click on the OK icon.
Wait for the successfully enabled access for the selected users message at the bottom of the page.
That’s it. The application is now published to the end-user, and he can go there and access the Twitter account without knowing the password for the Twitter service. If the user is fired, the account remains secure as long as you disable his Active Directory account. In the same way, you can assign that permission to a different user (a new employee), and that user will then have access to the Twitter account.
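Because access to the shared account now depends entirely on who is assigned to the application and whether their directory account is enabled, it is worth reviewing that list periodically. The following is an added example, not part of the original tutorial: it uses the Microsoft Graph PowerShell module and assumes the gallery application appears in the directory under the display name `Twitter`.

```powershell
#Requires -Modules Microsoft.Graph.Applications, Microsoft.Graph.Users
# Added example: list who is assigned to the shared-account application
# and flag assignments that belong to disabled directory accounts.

$appName = 'Twitter'   # assumption: display name of the gallery application

Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All' | Out-Null

$sp = Get-MgServicePrincipal -Filter "displayName eq '$appName'"
if (-not $sp) { throw "No application named '$appName' was found in this directory." }
if (@($sp).Count -gt 1) { throw "More than one application is named '$appName'; filter by AppId instead." }

# Every user or group that has been assigned to the application
$assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All

$report = foreach ($a in $assignments) {
    if ($a.PrincipalType -eq 'User') {
        $u = Get-MgUser -UserId $a.PrincipalId `
                        -Property 'displayName,userPrincipalName,accountEnabled'
        [pscustomobject]@{
            Principal      = $u.UserPrincipalName
            Type           = 'User'
            AccountEnabled = $u.AccountEnabled
            AssignedOn     = $a.CreatedDateTime
            Review         = if ($u.AccountEnabled) { 'ok' } else { 'disabled account, remove assignment' }
        }
    }
    else {
        # Group assignments grant access to every member; review membership separately.
        [pscustomobject]@{
            Principal      = $a.PrincipalDisplayName
            Type           = $a.PrincipalType
            AccountEnabled = $null
            AssignedOn     = $a.CreatedDateTime
            Review         = 'group assignment, check members'
        }
    }
}

# Disabled accounts sort first so they stand out in the review
$report | Sort-Object AccountEnabled, Principal | Format-Table -AutoSize
```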
In this tutorial we went through the basic steps to configure a service account on Twitter and assign it to the user. In the next tutorial we are going to show the end-user experience accessing this published application.