Monday, January 18, 2021

Another try at granting access to our Azure Active Directory user

To recap, we:

  1. Created a new email address
  2. Created a Microsoft Account associated with the email address
  3. Created an Azure Free Trial account
  4. Built a static web site
  5. Created a GitHub account and repository
  6. Created an Azure Function
  7. Created a new Azure AD tenant and added a user to it
  8. Logged into Microsoft Online using our new user
  9. Logged into Azure Portal with our new user 
  10. Granted the new user Contributor rights on the Azure Function
  11. Logged back into the Azure Portal and looked for the Azure Function (we didn't find it)

Now what we want to do is log in with our new user and see the Azure Function. Looking at the documentation, I found that:

"Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory."
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
So, we have a little problem. When we created our subscription, a domain was automatically created. If you want to see it and the one we made, log into the Azure Portal with your original email address, click on your account in the top right, and click on <switch directory>.
Then you will see the Default Directory that was created and the new directory we created.
If you click on the Default Directory, you will change to it. If you click on your new tenant, you will change to it. So, when we assigned our new user to the role for the Azure Function, we invited the user to be a guest in the Default Directory. If we look back at the notifications and read them, we can confirm it.
Type active directory in the search box in the top middle and then click on <azure active directory>.
Now click on <users> in the left menu.
And you can see user1 is a Guest user.
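
The same check can be done outside the portal. The added example below (not from the original post) joins a directory's user list with a subscription's role assignments and reports every assignment held by a Guest user. The data is constructed: field names follow Microsoft Graph user objects and `az role assignment list` output, and the tenant names, ids and scope are placeholders.

```python
import json

# Constructed sample data (not from the post); tenant names, ids and the
# resource scope are placeholders. Users are shaped like Microsoft Graph user
# objects, assignments like `az role assignment list` output.
USERS = json.loads("""[
 {"id": "aaaa-1", "userType": "Member",
  "userPrincipalName": "owner_example.com#EXT#@defaultdir.onmicrosoft.com"},
 {"id": "bbbb-2", "userType": "Guest",
  "userPrincipalName": "user1_newtenant.onmicrosoft.com#EXT#@defaultdir.onmicrosoft.com"}
]""")
ASSIGNMENTS = json.loads("""[
 {"principalId": "aaaa-1", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/SUB-ID-PLACEHOLDER"},
 {"principalId": "bbbb-2", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/SUB-ID-PLACEHOLDER/resourceGroups/rg-example/providers/Microsoft.Web/sites/func-example"}
]""")


def home_domain(upn):
    """Domain an external account came from, parsed from a '#EXT#' UPN."""
    if "#EXT#" not in upn:
        return None  # account was created directly in this directory
    local = upn.split("#EXT#", 1)[0]
    # The original address is stored as name_domain; the last '_' was the '@'.
    _, sep, domain = local.rpartition("_")
    return domain if sep else None


def guest_assignments(users, assignments):
    """Role assignments whose principal is a Guest in the trusted directory."""
    # userType decides guest status; an '#EXT#' UPN alone does not.
    guests = {u["id"]: u for u in users if u.get("userType") == "Guest"}
    findings = []
    for a in assignments:
        user = guests.get(a["principalId"])
        if user is not None:
            findings.append({
                "upn": user["userPrincipalName"],
                "home_domain": home_domain(user["userPrincipalName"]),
                "role": a["roleDefinitionName"],
                "scope": a["scope"],
            })
    return findings


if __name__ == "__main__":
    for f in guest_assignments(USERS, ASSIGNMENTS):
        print(f'{f["role"]} on {f["scope"]} held by guest from {f["home_domain"]}')
```
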
Tomorrow we will try and assign our subscription to the new tenant so that our user can be granted rights.