如何外部联合和管理登录,帐户和订阅 [英] How to external federate and manage logins, accounts and subscriptions
问题描述
你好,
< p dir ="ltr"style ="line-height:1.38"> 在我的公司,我们正在评估一个方案,允许基于Keycloak的多云单
登录服务。它的工作相当好,目前我们希望将Azure云包含在此系统中。我们设法遵循这里的说明
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp
(虽然我们不得不调整一些步骤,因为文档似乎是错误的特别是当涉及到使用的shell命令时)但我们设法允许通过Keycloak IDP登录Azure AD中的用户。
问题是:什么是为这些用户提供帐户/订阅的最佳方式?我们希望
需要一个自动(最好的REST API)方式来在Azure中创建这些帐户和订阅。我们需要:
-
以编程方式创建订阅
-
以编程方式创建Azure AD用户
-
< span style ="font-size:11pt ;背景色:透明;垂直对齐:基线; white-space:pre-wrap">将这些用户分配给创建的订阅
我们需要进行企业注册才能以编程方式在Azure中创建
订阅吗?( https: //azure.microsoft.com/en-us/blog/programmatically-create-enterprise-subscriptions-preview)
它是否与云解决方案提供商相同?(因为这些API可以创建订阅文档中的声明:
https://docs.microsoft.com/en-us/azure/cloud-solution-provider/overview/azure-csp-overview
对于用户创建,我们认为我们可以使用Azure API。
< span style ="font-size:11pt; font-family:Arial; background-color:transparent; vertical-align:baseline; white-space:pre-wrap">
< p dir ="ltr"style ="line-height:1.38"> 这一般是正确的还是其他的,更好的方法来存档我们用
Azure计划的东西?
我们需要企业
注册是否正确才能以编程方式在Azure中创建订阅?
是的,目前这个功能是预览,你需要
Microsoft Azure EA帐户持有者。
是否与云解决方案提供商相同?
否, 使用Azure CSP,您可以管理客户订阅,
不能创建。
对于
用户创建我们认为我们可以使用Azure API。
<为此,您可以查看此文档 -
https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/users-operations#CreateUser
Hi there, At my company we are currently evaluating a scenario to allow a Keycloak based multi cloud single
sign on service. Its works rather well and currently we want to include the Azure cloud into this system. We managed to follow the instructions here
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp
(albeit we had to adapt some steps as the documentation seems erroneous especially when it comes to the shell commands used) but we managed to allow login of users in the Azure AD federated via the Keycloak IDP. The question is: what is the best way to provide accounts/subscriptions to this users? We would
need an automatic (REST API at best) way to create these accounts and subscriptions in Azure. We would need: Create Subscriptions programmatically Create Azure AD Users programatically Assign these users to the subscriptions created
Is it correct that we need to have a Enterprise Enrollment in order to programatically create
subscriptions in Azure? (https://azure.microsoft.com/en-us/blog/programmatically-create-enterprise-subscriptions-preview)
Is it the same as the Cloud Solution Provider? (as there are claims in the docs these API is able to create subscriptions:
https://docs.microsoft.com/en-us/azure/cloud-solution-provider/overview/azure-csp-overview For the user creation we figured we can use the Azure API.
Is this in general correct or are there others, better ways to archive what we have planned with
Azure? Is it correct that we need to have a Enterprise
Enrollment in order to programatically create subscriptions in Azure? Yes, currently this feature is is Preview and you
would need to be a
Microsoft Azure EA Account holder for the same. Is it the same as the Cloud Solution Provider? No,with Azure CSP you can manage the customers Subscriptions,
not create. For
the user creation we figured we can use the Azure API. For this you can have a look at this documentation -
https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/users-operations#CreateUser 这篇关于如何外部联合和管理登录,帐户和订阅的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
