Microsoft Adds App Delegation Capability to Azure Active Directory
Microsoft has updated Azure Active Directory Premium, adding a new capability to delegate application access rights.
IT pros can designate certain users within an organization to have the authority to assign access to applications. This app "self-provisioning" capability was at the preview stage back in April, but Microsoft announced this week that it has now reached "general availability," or commercial-release status.
The application delegation capability works with "all pre-integrated apps that support federated or password-based single sign-on in the Azure Active Directory app gallery, including apps like Salesforce, Dropbox, Google Apps, and more," Microsoft explained in April. Users with the authority to grant access to apps have to be managed using Azure Active Directory.
App administrators with single sign-on passwords also can be assigned the ability to "set the app usernames and passwords," Microsoft's announcement explained.
All pure Azure Active Directory-managed users have a self-service password reset capability for Office 365 applications, according to a recent Q&A blog post by the Active Directory Azure team. However, this password reset capability needs to be set up first. That's done using either the Azure Management Portal or the Office Administration Portal.
Microsoft this month also turned on a custom roles assignment capability for organizations with Azure Active Directory subscriptions. The custom roles capability, now at general availability status, lets IT pros modify the generic templates included with the Roles Based Access Control feature. It's conceived as a security feature to better limit user resource access.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.