How to Create Azure AD Tenants and Objects in Azure AD




Azure Active Directory is Microsoft's multi-tenant identity and access management service on the Azure platform. It provides authentication and access control for applications that run in Microsoft Azure as well as for those that run on premises. Services such as Azure Data Catalog are integrated with the directory, which gives your apps secure sign-in and authorization.

If you want to integrate your app with the Azure Active Directory, you will need to register your application’s details with the active directory, through the Azure portal. However, before you can register it, you need to first create an Azure Active Directory tenant.

What is an Azure AD Tenant?

Simply put, a tenant is the representation of an organization that has signed up for Microsoft's Azure cloud service. When an organization signs up, Microsoft provisions a dedicated instance of its Azure Active Directory service for it; that instance is the tenant.

Here, we will take a look at how you can create an Azure AD tenant, starting with setting up an Azure Active Directory.

Azure Active Directory Setup

We will begin by setting up an Azure Active Directory, which forms the basis for the AD tenant. The following is a brief guide to the Azure AD setup:

  • Start by navigating to https://manage.windowsazure.com/, and logging in with your account. This is the account that you have used with your Azure subscription.
  • On the subsequent page, in the left pane, select ACTIVE DIRECTORY management.
  • At the bottom of the page, there will be a NEW icon. Click it to begin the AD setup.
  • On the left of the page, among the series of icons, select APP SERVICES.
  • In the menu that opens up on the right, select ACTIVE DIRECTORY, which opens up another menu. Select Directory, and then CUSTOM CREATE.

Adding a New Directory

The ‘custom create’ option allows you to add a new directory. On the ADD DIRECTORY page that opens, enter the domain name and the directory name. Next, under country/region, choose either the United States or the country in which Data Catalog is currently available.

Click on the check icon. You have now set up a new Azure Active Directory. Your particular instance of the Azure AD is the tenant. Now, let’s see how you can add a new user to your Azure AD tenant.

Adding a New User to the Azure AD Tenant

If you want to register an Azure AD app, you will first need to add a new user from within your existing Azure Active Directory.

To do so, bring up the Active Directory you have just set up. On the page, click on USERS.

On the selection bar at the bottom of the page, choose ADD USER. You will need a new user account in order to register a Data Catalog application.

Creating Objects through the Azure AD Application

Having completed the steps above, you will have set up a directory. When you register an Azure AD app, two distinct objects are created automatically within your Azure AD tenant: the application object and the service principal object.

Let us discuss both the objects in detail.

Application Object

The application object is the definition of the Azure AD application. It is stored in the tenant in which you registered the application, which is also known as the application's ‘home tenant’. In the Azure AD Graph API, the Application entity defines the schema for the properties of the application object.

Service Principal Object

Each Azure AD tenant is responsible for securing its resources, and any entity that wants to access resources within the tenant must be represented by a security principal.

This applies to applications (represented by a service principal) and users (represented by a user principal) alike. The security principal defines the permissions and the access policy for the application or user in that particular tenant, which is what allows the application or user to be authenticated at sign-in and authorized when it accesses resources.

Whenever an application is granted access to the resources inside a tenant (either on registration or on consent), a service principal object is created in that tenant. In the Azure AD Graph API, the ServicePrincipal entity defines the schema for the properties of service principal objects.
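As an added example that is not part of the original article, the following script performs the same operations with the AzureAD PowerShell module instead of the classic portal: it adds a user to the tenant (the USERS > ADD USER step above) and registers an application, which produces the application object and its service principal, then shows that the two are separate objects sharing one AppId. The module, tenant domain, display names, user principal name and password are assumptions and placeholders; the final query is the check a defender would want, listing service principals whose application object lives in a different home tenant.

```powershell
# Added example (not from the article). Assumes the AzureAD module is installed
# and the signed-in account is an administrator of the tenant created above.
# Names, UPN and password are placeholders; replace them before use.
Import-Module AzureAD
Connect-AzureAD   # interactive sign-in to the tenant

$tenantId = (Get-AzureADTenantDetail).ObjectId

# 1. Add a user to the tenant (portal: USERS > ADD USER).
$pwProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$pwProfile.Password = 'REPLACE-WITH-A-STRONG-TEMPORARY-PASSWORD'
$pwProfile.ForceChangePasswordNextLogin = $true
$user = New-AzureADUser -DisplayName 'Catalog Admin' `
    -UserPrincipalName 'catalogadmin@contoso.onmicrosoft.com' `
    -MailNickName 'catalogadmin' -AccountEnabled $true -PasswordProfile $pwProfile
"Created user ObjectId=$($user.ObjectId)"

# 2. Register an application: this creates the application object in the
#    home tenant (the tenant you are signed in to).
$app = New-AzureADApplication -DisplayName 'Data Catalog Client'

# 3. Create its service principal: the tenant-local identity that is actually
#    authenticated at sign-in and that carries the permissions in this tenant.
$sp = New-AzureADServicePrincipal -AppId $app.AppId

# The two objects share an AppId but are distinct directory objects.
"Application object: ObjectId=$($app.ObjectId) AppId=$($app.AppId)"
"Service principal:  ObjectId=$($sp.ObjectId)  AppId=$($sp.AppId)"
if ($sp.AppOwnerTenantId -eq $tenantId) {
    'The home tenant of this application is the current tenant.'
}

# Defender check: service principals whose application object lives in another
# tenant, i.e. multi-tenant apps that have been consented to here. Microsoft's
# own first-party apps appear too, since their home tenant is Microsoft's.
Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.AppOwnerTenantId -and $_.AppOwnerTenantId -ne $tenantId } |
    Select-Object DisplayName, AppId, AppOwnerTenantId
```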


Creating an Azure AD tenant, along with other Microsoft Azure processes and skills, is covered in the Microsoft Azure Mastery course at QuickStart. The course outlines the many learnable aspects of Azure, making you an expert in the cloud services platform. Head over to our course page to learn more.

About The Author

Dennis Tello
Enterprise Account Manager at QuickStart

Dennis is a passionate individual with eight years of experience in the industry. He loves working with organizations large and small, helping them train their technology teams. He specializes in DevOps training and has helped a number of organizations turn their IT teams into game-changers.