Step-By-Step: Enabling Azure Active Directory Authentication on iOS

ThinkAzureITPRO

As mentioned in a previous post, Azure Active Directory gives people secure access to information from a plethora of devices. This capability also extends to devices outside of the Microsoft umbrella, allowing for a seamless, single sign-on experience. This Step-By-Step highlights how to enable an iOS device for use across Microsoft online services, applications built on Windows Azure and hundreds of popular non-Microsoft cloud applications.

Prerequisites

  1. An active Microsoft Azure subscription. See Step-By-Step: Creating a Windows 2012 R2 Lab on Windows Azure if you need to set up your lab
     
  2. An iPhone and/or iPad running iOS 7.0 or later
     

Step 1: Adding an app to Azure Active Directory for authentication

  1. In the Azure portal, select Active Directory in the right side menu
     

  2. Select the Azure Active Directory instance to be used in this demo

    Note: CANITPROWIRELESSLIFE was created for demo purposes; however, the default directory can be used
     

  3. Once inside the selected directory, select APPLICATIONS located in the top menu

     

  4. Select ADD AN APPLICATION
     

  5. Three choices are provided. For this demo, select Add an application from the gallery

    Note: Azure Active Directory can enable apps built by the organization as well as apps to be accessed outside of the organization. While the latter is currently in preview, it gives the organization further choice
     

  6. In the APPLICATION GALLERY, type Facebook in the search box and hit enter

    Note: There are over 2000 applications available to choose from in the gallery. Feel free to select a desired choice of app
     

  7. Select the checkmark in the lower right corner
     

  8. With Single Sign-on now enabled for Facebook via the assigned Azure Active Directory implementation, it is now time to enable the users who will be allowed to authenticate. Select the green Assign Users box

     

  9. Select the desired user(s) and select Assign located on the bottom menu
     

  10. In the Assign Users window, place a checkmark in the box beside I want to enter Facebook credentials on behalf of the user

    Note: Users can be given the option of entering their own credentials by leaving the box unchecked. This example represents a business-specific application provided by the organization

  11. Enter the required credentials
     

  12. Select the checkmark in the lower right corner
     

Step 2: Enabling an iOS device to authenticate with Azure Active Directory

  1. Download My Apps - Azure Active Directory via iTunes and install it on a supported iOS device
     

  2. Run the application on the iOS device and provide the User Name and Password of the selected user

     

  3. Select the enabled application to run


Microsoft’s new push for Cloud first, Mobile first enablement has opened the doors to allow for secure data access from devices that support iOS, Android, Mac, Windows and Windows Phone. Visit Microsoft Virtual Academy to gain further insight as to what Microsoft Azure Active Directory Sync has to offer. Complete the Azure for IT Pros Jump Start to further your understanding as to what is possible.