Enter Your Password

It is common for team members to all log in with a single account for some web applications. For example, we have a couple of individuals who log into the company Twitter and Instagram accounts to post regular updates. However, only one of these people actually knows the password. To do this we are using features of Azure Active Directory and single sign-on (SSO) for the web accounts shared with a team. You can use Azure Active Directory to let Office 365 users automatically log in to almost any SaaS or web-based application.

Here are the steps you need to follow:

  1. Add The Application To Azure Active Directory
  2. Assign The Application To Users/Shared Mailbox
  3. Launch The Application
  4. Install The Browser Plug-in
  5. iOS Single Sign-On
  6. References

Add The Application To Azure Active Directory

First, create a Shared Mailbox. This is important if you want to log in multiple users – I’ll explain why in a minute.  It also makes it easier when creating the account in the external web application. You can register the account with the shared email address of the distribution group so everyone that uses the shared account can get notifications.

Now, log into the classic Azure management portal (https://manage.windowsazure.com) and navigate to your directory. Browse to the Applications tab along the top and then select the Add button at the bottom of the window. You will then be asked “What do you want to do?”. Select the option to “Add an application from the gallery”. Search for the web application; chances are that you will find it. Otherwise, you can try it as a custom application or request integration for the application.

Azure Application Gallery

Select the application, give it a display name and click the check box to continue.  In many cases it will add the application and return to the Azure Active Directory Applications list.  For some applications you will need to supply additional options.  I won’t go into those options in this post, but some applications have additional integration features.  For example, you could auto-create user accounts in the destination application based upon matching Azure Active Directory users.

You should now see a screen stating that “Your app has been added!”. The app is now available for single sign-on, but in order for users to be able to use it, you must assign accounts (or users) to the app. Click the Assign accounts button to continue.

Azure AD App has been added

Assign The Application To Users/Shared Mailbox

Here we have the option to assign individual users for single sign-on for the app; or better yet, assign a group so that the members can all use the app. Remember when I said there was a reason we need to create a shared mailbox? Well, this is the only type of group membership that is available for assignment for single sign-on.  In the list of users, select the shared mailbox you created and click the Assign button at the bottom of the screen. Once you click the check box to enter credentials on behalf of the user, you will be prompted for the User Name and Password that is used to log into the website.
Supply Username and Password

Launch The Application

After a while (it usually does not show up right away), the app icon will appear in the Office 365 app launcher (or waffle). If you don’t see it, check under the New or All menus. The user can now click the app icon and a new browser tab will open, taking them to the application. When the application loads it will fill in the username and password and log the user in automatically. This only works if the web browser already has the right plugin installed for Azure Active Directory.
App Launcher

Install The Browser Plug-in

In order to fill in the username and password and log the user in, a browser plugin is needed. Most of the time, when you click the icon in the app launcher you will be prompted to install the plugin if it has not already been installed. Sometimes it will work; other times you will need to go to your browser’s extension gallery and manually install it.
Install SSO Plugin
When you go to the browser’s extension gallery you will need to search for the Access Panel Extension by activedirectory.windowsazure.com. Also, depending on your browser you may need to manually enable the extension.
Chrome – https://chrome.google.com/webstore/detail/access-panel-extension/ggjhpefgjjfobnfoldnjipclpcfbgbhl?hl=en-US
Internet Explorer –

iOS Single Sign-On

Getting single sign-on access from an iPad or iPhone is a little different. You must first install My Apps – Azure Active Directory from the iTunes App Store. After you launch the app you will see all of the external apps in a launcher-style application. When you select the app it will launch and log in automatically.
iOS My Apps

References
