Identity management configuration

During installation, you need to select the appropriate identity management solution, which determines whether Azure Stack runs in connected mode or disconnected mode:

As you can see in the preceding screenshot, Azure Stack supports the following options:

  • Azure China Cloud
  • Azure Cloud
  • ADFS (referred to as disconnected mode)

This means that if you run it in connected mode (using Azure Cloud or Azure China Cloud), identity management is moved to Azure AD. To enable this, you need the proper permission (global administrator) in Azure AD, because applications have to be registered during the setup. The following table gives an overview of the tasks in detail:

After the specific registrations have been done, the global administrator permissions are no longer needed. If Azure Stack is using disconnected mode, it relies on ADFS and creates the federation trust during the deployment. This means that ADFS has to be in place before the setup starts:

For the Microsoft Graph configuration, a service account with read permission in the existing AD needs to be available. The requirements for AD and ADFS are Windows Server 2012, Active Directory 2012, and above.

The technical differences between both modes regarding available services are described in the following table:

For more details regarding identity configuration, see https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-integrate-identity.