{"id":1566,"date":"2013-03-04T08:11:47","date_gmt":"2013-03-04T17:11:47","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/?p=1566"},"modified":"2013-03-04T22:25:59","modified_gmt":"2013-03-05T07:25:59","slug":"managing-windows-azure-ad-from-the-windows-azure-portal-3-add-a-co-admin-use-2fa","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2013\/03\/04\/managing-windows-azure-ad-from-the-windows-azure-portal-3-add-a-co-admin-use-2fa\/","title":{"rendered":"Managing Windows Azure AD from the Windows Azure Portal 3– Add a Co-Admin, Use 2FA"},"content":{"rendered":"

Here there\u2019s the last of three super quick visual guides about playing with the new Windows Azure Active Directory features in the Windows Azure portal. Please make sure you read Alex\u2019s announcement<\/a> and watch Abhishek\u2019s video first! Also, you should read the first two posts of the series first.<\/p>\n

I\u2019ll try to keep the word count down, and let the screenshots speak! Hopefully this will entice you to try things yourself, and provide some reassurance if you are going through the process and get stuck. Note, I didn\u2019t work at all on this great feature! All the credit goes to the UX and directory teams, who did a super job here. I just went through the following steps as any other customer would, and took screenshots along the way.<\/p>\n

I broke down things in three posts:<\/p>\n

    \n
  1. The first post<\/a> shows you how to sign up for a new Windows Azure subscription using an organizational account from an existing Windows Azure Active Directory tenant (e.g. your existing directory from an Office 365 subscription, etc). This option is actually not new, it was already available to you few weeks ago. I captured it anyway to give you a full end-to-end walkthrough with coherent names & screens.<\/li>\n
  2. The second post<\/a> goes through the main directory management features offered by the portal<\/li>\n
  3. This post <\/strong>will demonstrate something really really cool: we\u2019ll create a new directory user, make it a global admin in the directory, and a co-admin in the Windows Azure subscription. Then\u2026 we\u2019ll configure that account to enforce phone-based additional authentication factor when accessing the portal \"Smile\" pretty awesome, eh? Spoiler alert: there will be pictures of my phone.
    \nREMEMBER: the multi-factor authentication feature is currently in PREVIEW.<\/li>\n<\/ol>\n

    Ready? Let\u2019s do this thing. Go back to the list of users, and click \u201ccreate\u201d.<\/p>\n

    \"image\"<\/a><\/p>\n

     <\/p>\n

    Fill the details in, and make sure you assing the global administrator role. Also, check the \u201crequire multi-factor\u201d option.<\/p>\n

    \"image\"<\/a><\/p>\n

     <\/p>\n

    User created! Paste the temporary password somewhere, we\u2019ll need it later.<\/p>\n

    \"image\"<\/a><\/p>\n

     <\/p>\n

    Now, we want to mark the newly created directory user as a co-admin for the current subscription. I didn\u2019t want to do too many screenshots for this, hence I compressed the instructions into one:<\/p>\n

      \n
    1. go to the settings tab<\/li>\n
    2. choose the administrators header<\/li>\n
    3. click add<\/li>\n
    4. enter the UPN of the newly created user<\/li>\n
    5. check the 3-months trial subscription<\/li>\n
    6. hit the \u201cok\u201d check button<\/li>\n<\/ol>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      As established, your new user is now a co-admin. Time to test it! Sign out, and sign in as the new user.\"image\"<\/a><\/p>\n

       <\/p>\n

      Now, things will get a bit frantic. We created a new user: normally, that would entail at first login using the temporary password and changing it right away. On top of that, we are requesting multi-factor authentication: that too needs to be set up, and will also require extra steps. Long story short: this first sign in will have many steps, but it\u2019s a one-time only thing.
      \nLet\u2019s dive right in. Sign in with the temporary password.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Windows Azure AD sees that the user is required to use multi-factor auth, but that was not set up yet; hence, it offers to set things up right this moment. Go ahead and click the blue button.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Here you are asked to provide a phone number and choose how verification will take place, phone call or SMS. I picked SMS, given that it\u2019s pretty late at night and my wife would not appreciate a call \"Smile\"<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      As soon as you hit save, the system will initialize by sending you a message.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      \u2026and sure enough, here there\u2019s the message. This will time out pretty fast, as I discovered when taking too much time capturing screens. Reply to the text with the provided code, then see what happens in the browser.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Your phone authentication factor is set up. Once you hit close, the system will make you use it right away.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Here there\u2019s the normal verification screen; expect the same phone flow as before.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      OK, now you concluded your directory sign-in; however, you are still using your temporary password\u2026 hence you\u2019ll have to change it.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Once you change it, you are finally down with the setup! All that was a one-time thing, the steps from now on are the steps you will go through for signing in from now on.<\/p>\n

      Sign in with the new password.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Do the phone authentication factor flow.<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      …and you are in!!! Pretty cool, If I may say so \"Smile\"<\/p>\n

      \"image\"<\/a><\/p>\n

       <\/p>\n

      Alrighty, this concludes our quick visual tour on the new Windows Azure Active Directory features in the Windows Azure AD portal. Once again, make sure you read Alex\u2019s post about this<\/a>. This is very exciting stuff!!! \"Smile\"<\/p>\n","protected":false},"excerpt":{"rendered":"

      Here there\u2019s the last of three super quick visual guides about playing with the new Windows Azure Active Directory features in the Windows Azure portal. Please make sure you read Alex\u2019s announcement and watch Abhishek\u2019s video first! Also, you should read the first two posts of the series first. I\u2019ll try to keep…<\/p>\n","protected":false},"author":1,"featured_media":1553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/1566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=1566"}],"version-history":[{"count":3,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/1566\/revisions"}],"predecessor-version":[{"id":1636,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/1566\/revisions\/1636"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media\/1553"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=1566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=1566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=1566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}