Azure AD: Step-By-Step Guide On How To Create A New Tenant

Every company needs a properly managed identity. When you are just starting out, or are working through different strategies, it can be hard to know where to begin. The right company profile is the first step toward a solid foundation for your business. A tenant is an organization within Azure Active Directory that helps you manage the users, groups, and properties in your organization. A tenant can contain one or many organizations and/or users. Each organization has its own properties, such as name, address, and phone number, which makes it easier to find specific data across all the tenants in your organization. Tenants also provide access to this information through their user interface (UI), the Azure AD Users UI.

What is Azure AD?

Azure AD is Microsoft’s unified identity management platform for enterprises. It offers single sign-on with cloud applications, user management, fraud detection, and encryption. You can also use it to manage user devices, apps, and macros. Azure AD integrates email, IoT, cloud, mobility, and application management, so you can manage user access to cloud applications, devices, and data from one place. Thanks to the unified user interface, you can also manage user settings, security, and privacy. Azure AD is designed to help you manage user identities and access across devices, apps, and services: you can set up single sign-on and make your users’ experience easier by granting them access to apps and services. Azure AD also identifies and prevents fraud, which makes it easier to control who uses your organization’s resources.

What is a Tenant?

A tenant is an organization within Azure Active Directory (Azure AD) that helps manage users, groups, and properties in your organization. Tenants are the user-facing part of Azure AD. For example, if you have an application that needs to sign in users and grant them access to various resources, you can use Azure AD to create a tenant for your organization and then create a user for your application within that tenant. You can then grant that user access to the resources the application needs in order to operate. Azure AD provides a visual representation of users and groups that lets users see the resources that are “shared” with them and lets application owners see the resources to which access has been granted.

Create a New Tenant in Azure AD

You can create a new tenant in Azure AD from the Azure Active Directory admin center. When creating a new tenant, you either select an existing tenant in Azure AD or create a new one. Select an existing tenant if you want to manage your Azure AD organization within the same Azure AD tenant. If you select “Create a new tenant,” you can then enter the name of your tenant and the country in which your organization is located. If you want to use an existing domain name, you can enter it here as well. Once you have entered the desired details, click the “Create” button. Your new tenant is created, and you can access it from the Azure AD admin center.

View and manage existing users in Azure AD

From the Azure AD admin center, navigate to Users > Users. The Users table lists all existing users in Azure AD. You can manage a user by clicking the “Manage” link next to the user’s name. From the management page, you can change the user’s details, delete the user account, or remove the user from Azure AD. You can also manage user permissions from the management page, and there are two ways to do so: if the user belongs to a group in Azure AD, you manage the permissions for the group; if the user does not belong to a group, you manage the permissions for the individual user.

Change the default user in Azure AD

The default user in Azure AD is the user who signs in to Azure AD. You can change this to another user, such as your company manager. To change the default user, navigate to Users > Default User in the Azure AD admin center. On the default user’s page, click the “Edit default properties” button, enter the user’s new name, and click the “Update” button.

Set up directory-based user authentication

When creating a new tenant in Azure AD, you have to select a directory that uses directory-based authentication. Directory-based authentication is the default authentication method; it uses an Active Directory Domain Services (AD DS) directory to authenticate users. It is a great choice if your organization’s infrastructure supports directory-based authentication and a good fit for Azure AD. To learn more about this authentication method and how it works, read our blog post about directory-based authentication in Azure AD. Azure AD supports multiple authentication methods, such as password, token-based, certificate, or Microsoft Account. For organizations that want to use password-based authentication, you can create a directory with hybrid authentication. Hybrid authentication (also known as multi-factor authentication) uses two factors: a user name and an access code (for example, a one-time code sent to your mobile device).

Use RBAC with Azure AD

Role-Based Access Control (RBAC) helps administrators manage access to resources by defining permissions. A role represents a set of permissions that can be granted to an individual user or to a group in a given scenario. When you create a new role, you define the permission levels the role has; each permission level corresponds to a role in Azure AD. An administrator grants those permissions by assigning users to the role, and a user can hold permissions from more than one role at a time. For example, suppose a department needs a specific set of permissions. You can create a new role with exactly those permissions and then assign the department’s users to it so that they receive them. When another employee needs the same permissions, they simply need to be assigned to the role.
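The department scenario above, as an added example that is not code from the original article, done with the Microsoft Graph PowerShell SDK: a custom directory role that carries only the read actions the department needs, assigned once to a role-assignable group, so that later staff changes are group-membership changes rather than new role assignments. The role and group names, the user principal name, and the tenant-wide scope are assumed placeholders.

```powershell
# Added example (not from the original article). Requires the Microsoft.Graph
# module and a caller holding Privileged Role Administrator in the tenant.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory","Group.ReadWrite.All","User.Read.All"

# Least privilege: list exactly the actions the department needs and nothing more.
# These are documented Azure AD resource actions (read-only access to user objects).
$allowedActions = @(
    "microsoft.directory/users/standard/read",
    "microsoft.directory/users/memberOf/read"
)

$roleParams = @{
    DisplayName     = "HelpDesk-UserReader"          # assumed placeholder name
    Description     = "Read basic user properties and group membership only"
    IsEnabled       = $true
    RolePermissions = @(@{ AllowedResourceActions = $allowedActions })
}
$role = New-MgRoleManagementDirectoryRoleDefinition @roleParams

# Only a role-assignable group can be the principal of a directory role assignment,
# and membership of such a group can only be changed by privileged roles.
$group = New-MgGroup -DisplayName "HelpDesk-UserReader-Members" -MailEnabled:$false `
    -MailNickname "helpdesk-userreader" -SecurityEnabled:$true -IsAssignableToRole:$true

# Bind the role to the group once, at tenant scope ("/").
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $group.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId "/" | Out-Null

# Onboarding a department member is now a group-membership change.
$user = Get-MgUser -Filter "userPrincipalName eq 'alex@contoso.example'"   # placeholder UPN
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# Check worth repeating periodically: every principal assigned this role should be
# the group, so that no direct per-user grants have crept in alongside it.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" |
    ForEach-Object { Get-MgDirectoryObject -DirectoryObjectId $_.PrincipalId } |
    Select-Object Id, @{ n = 'Type'; e = { $_.AdditionalProperties['@odata.type'] } }
```

If the final listing shows any `#microsoft.graph.user` entries, the role has been assigned directly to individuals and those assignments should be moved into the group.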

Integrate Microsoft Teams with Microsoft 365 Groups and AzureAD BFFF API

Teams is a collaboration platform that has been integrated with Azure AD. The Azure AD BFFF API is a back-end API that provides advanced authentication options. You can use the BFFF API to create custom tokens or custom claims for Azure AD users. In Teams, you can use the “Add user” option to sign the user in to Azure AD. After the user signs in, you can see the custom claims on their profile.

Wrapping Up

Azure AD provides an easy way to manage user identities across devices, apps, and services. It also enables directory-based single sign-on with directory-based authentication (commonly referred to as directory-based/AD DS authentication) and directory-based/multi-factor authentication (commonly referred to as hybrid authentication). With directory-based authentication, users authenticate with their Active Directory domain or work domain account. With hybrid authentication, users authenticate with their user name plus a second factor such as a code or a phone call. Azure AD helps automate user authentication and provides a single sign-on experience across various apps and services. Once you have set it up, Azure AD will help you manage user identities across devices, apps, and services.