Objective: Add an Azure AD user and demonstrate the Microsoft Access Panel
Add Users into Azure AD Directory
To give a user access to this application, I added an existing user, Test1, from my SPB2B AD directory to the application.
Go to the Enterprise Application > Users and Groups
User Test Case
To access the SharePoint app, you can either go through the My Apps portal at https://myapps.microsoft.com or go directly to the published SharePoint app URL at https://roykimspublishedsharepoint-spb2b.msappproxy.net/. Either way, you will first be prompted for Azure AD credentials. In this case, the username is email@example.com.
My Apps portal:
For the published SharePoint application, you will be prompted again, this time for the login credentials of the domain user account. At this point in the configuration, there is no single sign-on with the Azure AD login.
- The user logged in to the My Apps portal and was authenticated against Azure AD as firstname.lastname@example.org.
- When you click the SharePoint app URL, you are prompted for a second set of credentials, and only on-premises AD domain account credentials are accepted. This is not a desirable user experience.
- One way to solve this problem is to set up single sign-on using Kerberos constrained delegation with Azure App Proxy and Azure AD Connect. This will be discussed in the next blog post.