使用Office 365 Azure Active Directory租户启用Azure Active Directory访问控制 [英] Enable Azure Active Directory Access Control with Office 365 Azure Active Directory tenant
问题描述
我目前有一个Office 365租户,其中大约1400个用户都获得了许可.我们已经使用相同的帐户启用了Azure AD租户,并且现在正在使用Azure AD Dirsync对Office 365进行相同的登录.
I currently have an Office 365 tenant with around 1,400 users all licensed. We have enabled the Azure AD tenant with the same account and are now using Azure AD Dirsync to have same sign-on to Office 365.
我们现在正在开发一个外部Sharepoint站点,并已将ADFS或Azure AD ACS作为身份验证方法提供.由于我们已经通过Office 365获得了Azure AD订阅,因此我认为这是最简单的方法.但是,当我在 https://manage.windowsazure.com 上的租户中时,我可以访问Active Directory,可以添加新目录,但不能添加新的访问控制服务.它变灰了,并在下面说不可用".
We are now having an external Sharepoint site developed and have been offered either ADFS or Azure AD ACS as an authentication method. As we've already got an Azure AD subscription (through Office 365) I thought this would be the easiest method. However, when in my tenant on https://manage.windowsazure.com, I have access to Active Directory, can add a new directory but cannot add a new Access Control service. It's greyed out and says "not available" underneath.
我尝试过与Office 365支持人员进行交谈,后者将我称为Azure支持人员,然后后者说我们没有支持人员,因此无济于事.我已经谈过Azure销售,他们已经把我转给了Azure支持,然后他们猜测是什么,说我们没有支持.
I've tried talking to Office 365 support, who referred me to Azure support, who then said we don't have support so can't help. I've spoken to Azure sales and they've referred me to Azure support, who then guess what, said we don't have support.
是否有其他人使用免费的Azure Active Directory订阅设法从Office 365租户中实现Azure访问控制服务?我觉得我只需要购买一个便宜的Azure订阅,该选件就可以使用了,但是我不确定自己是否会犹豫一下.
Has anyone else managed to implement an Azure Access Control service from an Office 365 tenancy using the free Azure Active Directory subscription? I get the feeling I just need to buy a cheap Azure subscription and the option would become available, but without knowing for sure I'm a bit hesitant about taking the plunge.
谢谢.
推荐答案
我可以想象您不能为此目的使用免费的Azure订阅,因为使用访问控制服务会带来成本.免费订阅不与任何信用卡绑定.当你有例如按需付费订阅,您应该可以创建ACS名称空间.我只是尝试了我的按需付费"订阅方式.
I can imagine that you cannot use the free Azure subscription for this purpose because using the Access Control Service brings costs. The free subscription is not tied to any creditcard. When you have e.g. a pay-as-you-go subscription you should be able to create a ACS namespace. I just tried in one of my pay-as-you-go subscriptions.
您(仍然)可以创建名称空间,但是我建议您也了解一下Azure AD本身具有的标识可能性. Azure AD当前仅支持SAML 2.0(以及许多其他协议,但它们与SharePoint没有直接关系).我知道SharePoint(本地)仅使用SAML 1.1,因此ACS才是其中的地方.您可以阅读有关此主题的更多信息此处. Azure AD本身 将支持SAML 1.1.唯一的问题是何时. (请参阅此答案下方提到的来源中的评论之一)
You are (still) able to create a namespace but I suggest you to also take a look into the identity possibilities Azure AD itself has. Azure AD has currently only support for SAML 2.0 (and a lot of other protocols but they are not directly relevant for SharePoint). I know SharePoint (on-premises) only talks SAML 1.1 so that's where ACS comes in. You can read more about this topic here. Azure AD itself is going to support SAML 1.1. The only question is when. (see one of the comments from the source mentioned below this answer)
我还将对Azure AD ACS进行注释,因为此 将由Azure AD代替.剩下的唯一问题是 何时 .
I also would make one remark about Azure AD ACS because this is going to be replaced by Azure AD. The only question left is when.
Azure AD中的ACS功能
正如我们之前提到的,我们正在将类似ACS的功能添加到Azure AD中.在未来的几个月中,作为功能预览的一部分,Azure AD管理员将能够与社交身份提供程序以及以后的自定义身份提供程序添加联盟.这将使应用程序开发人员可以使用Azure AD简化其应用程序中的身份实施,类似于当今开发人员使用ACS的方式.我们期待收到您对预览的反馈,以改善这些体验.
As we've mentioned previously, we are adding ACS-like capabilities into Azure AD. In the coming months, as part of a feature preview Azure AD administrators will be able to add federation with social identity providers, and later custom identity providers to Azure AD. This will allow app developers to use Azure AD to simplify the identity implementation in their apps, similar to how developers use ACS today. We look forward to getting your feedback on the preview to improve these experiences.
将ACS客户迁移到Azure AD
一旦Azure AD的这些新的ACS功能无法预览并且普遍可用,我们将开始迁移ACS名称空间以使用新的Azure AD的功能.
Once these new ACS capabilities of Azure AD are out of preview and generally available, we will start migrating ACS namespaces to use the new Azure AD capabilities.
来源: 查看全文
