Azure AD身份提供商 [英] Azure AD Identity Providers
问题描述
我一直在修改Azure AD API,通过MS文档使用它非常简单。 API调用围绕用户管理,添加/更新/删除,以及通过将此
添加到特定Azure AD组中来授予用户访问PowerBI足迹的权限。我注意到还有一个身份提供商的API,我想知道它能做什么。
I have been tinkering with the Azure AD API and it has been fairly simple to use via the MS documentation. The API calls are around user management, add/update/remove, in addition to granting users access to our PowerBI footprint by adding this into a specific Azure AD Group. I noticed there is also an API for Identity Providers and I am wondering what that is capable of.
具体来说,是否可以将Azure AD配置为使用外部Idp进行用户身份验证?例如,如果我想支持一个SSO场景,其中用户已经登录到外部Web应用程序,但后来想要通过SSO进入PowerBI
仪表板来管理报告。我们的想法是,当用户导航到Power BI仪表板时,Power BI会命中Azure AD和Azure AD(可能通过已配置的身份提供商?)将身份验证重定向到外部< g class =" gr_
gr_883 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace"数据-GR-ID =" 883" ID = QUOT; 883">&的IdP LT; / g取代;验证用户。如果用户尚未经过身份验证,那么他们会将
重定向到由IdP管理的登录页面。
Specifically, is it possible to configure Azure AD to use an external Idp for user authentication? For example, if I wanted to support an SSO scenario where a user is already logged into an external web application but then wants to SSO into the PowerBI Dashboard to manage reports. The thought is that when the user navigates to the Power BI Dashboard, Power BI would hit Azure AD and Azure AD (maybe via a configured Identity Provider??) would redirect the authentication to the external <g class="gr_ gr_883 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace" data-gr-id="883" id="883">IdP</g> to authenticate the user. If the user was not already authenticated, then they would be redirected to the login page managed by the IdP.
如果我没有为任何人提供足够的解释,我道歉如果有其他问题可以帮助减少混淆,请告诉我。这对我来说是一个新的领域所以我一直试图弄清楚< g class =" gr_
gr_1265 gr-alert gr_tiny gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling multiReplace"数据-GR-ID =" 1265" ID = QUOT; 1265" I标记< / g取代;可以在发布此问题之前。
I apologize if I am not explaining this enough for anyone to provide an answer so if there are other questions that can help reduce confusion please let me know. This is a bit of a new area for me so I have been trying to figure out as much as <g class="gr_ gr_1265 gr-alert gr_tiny gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling multiReplace" data-gr-id="1265" id="1265">i</g> can prior to posting this question.
亲切的问候。
推荐答案
您好Scott.Morman,
是的,您可以将Azure AD配置为使用外部IDP进行用户身份验证。在Azure AD中,您可以配置对非库应用程序的单点登录。您可以转到Azure Active Directory - >企业应用程序 - >新申请 - >非图库
应用程序和从图库添加应用程序,您还可以通过选择非图库应用程序并配置单点登录来添加不公开的应用程序。
您还可以查看以下文档,以配置Azure AD中对非库应用程序的单一登录。
https://docs.microsoft.com/en-us/azure/active -directory / manage-apps / configure-single-sign-on-gallery-applications
如有需要请告知我们你有任何进一步的疑问。要记得"标记为答案"如果这些信息对您有所帮助,那么它可以帮助寻找类似答案的社区。如果信息无效,而您需要更多信息,请告知我们,我们可以继续进行对话。
谢谢。
$
Hi Scott.Morman,
Yes, you can configure Azure AD to use an external IDP for user authentication. In Azure AD you can configure single sign-on to non-gallery applications. You can go to Azure Active Directory -> Enterprise Applications -> New application -> Non gallery application and Add an application from the gallery, you can also add an unlisted app by selecting Non-gallery applications and configure single sign-on.
You can also check the below documentation to configure single sign-on to non-gallery application in Azure AD.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
Please let us know in case you have any further queries on this. Do remember to "mark as answer" in case this information helped you so that it helps the community who are searching for similar answers. In case the information does not help and you would like some more information , please let us know and we can continue the conversation.
Thank you.
这篇关于Azure AD身份提供商的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
