How to Manage Users, Groups, and Global Administrator Role in Azure Using Microsoft Entra ID.
In today's cloud-centric world, the effective management of user identities and access control has become a critical concern for organizations. Microsoft's Azure platform, powered by Microsoft Entra ID, offers a robust and comprehensive solution to this challenge. By leveraging Microsoft Entra ID (formerly Azure Active Directory, or Azure AD), organizations can efficiently manage users, groups, and the all-important Global Administrator role, ensuring secure and controlled access to critical resources.
In this blog, we will create users and add them to a group, as well as grant the Global Administrator role to one of the users and log into the portal as a global administrator to create more users. This is to help organizations effectively govern their Azure environments.
Before we proceed, I would like to explain the difference between Azure AD roles and Azure roles.
Azure AD roles are specific to the Azure Active Directory (Azure AD) service and determine the permissions that a user has within the Azure AD tenant. Azure roles, on the other hand, are used to grant permissions to users, groups, or service principals to perform specific actions on Azure resources, such as creating resource groups, virtual machines, and so on.
How to Create a User and Add Them to a Group
To start with, you can either create the group first and then add the user, or vice versa. In this case, we are going to create the user first.
Go to the Azure Portal and search for "Microsoft Entra ID."
Once you get to the page, click on Users.
You can either create a new internal user or invite an external user. In this case, we want to create a new user.
This will lead you to the create new user page. It is important to note that the "user principal name" will bear the email address of the owner of the account. You can add the name of the user and the password. If you want an auto-generated password, leave it as the default; if not, you can create your own password. Then, click on properties.
Give your user the first and last name and every other important detail needed. Leave the assignment page as a default. Click on "Review + Create."
Click on Create.
We have our user and other users created. Note: The owner is a user by default.
Now, let's create a group. Navigate back to the "default directory" and click on "Groups."
Click on "New Group."
Give your group a name and create it.
Now we have our group created.
To add a user to the group we have created, navigate to the "Users" page and choose the user.
On the user page, click on "Groups" and "Add Memberships."
Choose the group and add the user to the group.
Voila! The user is now a member of the group!
How to Grant the Global Administrator Role to a User and Log In to Create a New User
The Global Administrator role has the highest level of access and can perform any action within the Azure AD tenant. Users who hold it can create and manage users, groups, and other administrative roles, as well as configure directory settings and manage subscriptions.
When managing users in Azure, administrators can create new user accounts, update user information, and assign Azure AD roles to users.
Click on the user you want to grant access to, and click on "Assigned roles."
Click on "Add Assignments."
Search for "global administrator" and add the role to the user.
Open a new window and go to the Azure Portal. Copy the user principal name from the user overview and use it, together with the user's password, to sign in.
Create a new password and sign in.
If everything is correct, you should be able to access your account.
Follow the steps above on "how to create a new user."
Click on "Assignments." In this case, since we have created a group, we can add our new user to the group and assign any role to them.
Create the user.
Voila! We have our new user created!
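The same steps, scripted with the Microsoft Graph PowerShell SDK, followed by a listing of every principal that holds Global Administrator. This is an added example, not part of the original walkthrough; the domain contoso.onmicrosoft.com, the user "Ada Example" and the group "Cloud-Ops" are constructed placeholders, and it assumes the Microsoft.Graph module is installed and the signed-in account may consent to the listed scopes.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph module.
# Constructed placeholders: contoso.onmicrosoft.com, "Ada Example", "Cloud-Ops".
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All', 'RoleManagement.ReadWrite.Directory'

# Random temporary password; the user must replace it at first sign-in.
$bytes = [byte[]]::new(18)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$tempPassword = 'Tmp-' + [Convert]::ToBase64String($bytes)

# 1. Create the internal user.
$user = New-MgUser -DisplayName 'Ada Example' -GivenName 'Ada' -Surname 'Example' `
    -UserPrincipalName 'ada.example@contoso.onmicrosoft.com' -MailNickname 'ada.example' `
    -AccountEnabled -PasswordProfile @{
        Password                      = $tempPassword
        ForceChangePasswordNextSignIn = $true
    }

# 2. Create a security group and add the user as a member.
$group = New-MgGroup -DisplayName 'Cloud-Ops' -MailNickname 'cloud-ops' `
    -SecurityEnabled -MailEnabled:$false
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# 3. Assign Global Administrator tenant-wide ('/' scope).
#    This GUID is the fixed template ID of the built-in Global Administrator role.
$globalAdminId = '62e90394-69f5-4237-9190-012177145e10'
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
    -RoleDefinitionId $globalAdminId -DirectoryScopeId '/' | Out-Null

# 4. Verify: list every principal that now holds Global Administrator.
Get-MgRoleManagementDirectoryRoleAssignment -All -ExpandProperty Principal `
    -Filter "roleDefinitionId eq '$globalAdminId'" |
    Select-Object PrincipalId,
        @{ Name = 'Principal'; Expression = { $_.Principal.AdditionalProperties.displayName } }

# Hand the temporary password to the user over a separate channel.
Write-Host "Temporary password for $($user.UserPrincipalName): $tempPassword"
```

The listing in step 4 is worth running on its own after any role change, since it shows every holder of the tenant's most privileged role, not just the one you added.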
In conclusion, the effective management of users, groups, and the global administrator role within the Azure environment, facilitated by the robust capabilities of Microsoft Entra ID, empowers organizations to maintain a secure, streamlined, and adaptable identity management system. This robust identity management solution enables businesses to confidently navigate the complexities of the cloud-centric landscape, safeguarding their assets and ensuring compliance with regulatory requirements.