AZURE Active Directory - What is the difference between a Service Principal and an Enterprise Application?


Question

Three topics in Azure AD I'm constantly confused on:

  1. Service principals
  2. Enterprise applications
  3. App registrations

What is the difference?

I can easily go into "App Registrations" and register an "app" while that "app" doesn't even need to exist. All it requires is a URL, which can also be totally random. This app registration then becomes a service principal which you can use to connect to Azure from PowerShell, for instance? Why? I don't understand this.

Please advise, and as you can probably tell, I'm new to Azure :)

Answer

When you write an application as a developer, you will register it in a given tenant and will specify its properties. This happens in the App Registration blade in Azure AD. I'll dare an analogy by saying that the app is like a "class" in object-oriented languages (with some static properties, which will be common to all instances).

By registering the application in that given tenant, if you use the portal, this also automatically creates a service principal for this application, which you can find in the "Enterprise Applications" blade of the Azure portal. To continue with my analogy, the portal creates a kind of instance of that class. This service principal contains information which is related to both the application and the tenant and its users. For instance, it contains the activity of the users, in particular what they have consented to.

Now, if during the app registration / app management you decide that your application is "multi-tenant", then, when the application is accessed in other tenants, another service principal (remember, this instance) will be created in that tenant.

BTW, if you go to the new App Registration (Preview) blade in the Azure portal when you create an application, you can now see, nicely grouped by category, all the properties of the app (all the properties which are common to all the service principals). Now, if in the "Overview" tab of the app you click on the link "Managed application in local directory", you'll get to the corresponding service principal in the same tenant (where you'll see which users have accessed the app and when, where you can grant admin consent - if you are tenant admin - and see the activity and the audit logs).
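The class/instance relationship above, shown with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original answer; the display name, the scopes and the tenant are assumptions for illustration, and the script deliberately removes what it creates.

```powershell
# Added example (not from the original answer). Assumes the Microsoft Graph PowerShell
# SDK is installed and that the signed-in account may create applications.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# The "class": one application object, registered in the home tenant.
# The display name is a constructed placeholder.
$app = New-MgApplication -DisplayName "demo-app-registration" `
                         -SignInAudience "AzureADMultipleOrgs"

# The "instance": a service principal for that app in this tenant. The portal does this
# step for you; with Graph you create it explicitly (it fails if one already exists).
$sp = New-MgServicePrincipal -AppId $app.AppId

# Both objects share the same AppId but are distinct directory objects with their own ids.
"App registration object id: $($app.Id)"
"Service principal object id: $($sp.Id)"
"Shared AppId:                $($sp.AppId)"

# This is the lookup behind "Managed application in local directory": the service
# principal that the Enterprise Applications blade shows for a given registration.
$found = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"
if ($found.Id -eq $sp.Id) { "Lookup by appId returns the same service principal." }

# For a multi-tenant app that was consented into this tenant, the local service principal
# records the app's home tenant in AppOwnerOrganizationId. Listing the service principals
# whose application lives elsewhere is a quick review of which foreign apps have an
# instance (and therefore consented permissions) in this tenant.
$tenantId = (Get-MgContext).TenantId
Get-MgServicePrincipal -All |
    Where-Object { $_.AppOwnerOrganizationId -and $_.AppOwnerOrganizationId -ne $tenantId } |
    Select-Object DisplayName, AppId, AppOwnerOrganizationId

# Clean up: deleting the registration also removes its service principal in the home tenant.
Remove-MgApplication -ApplicationId $app.Id
```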
