DEV Community

Adaeze Nnamdi-Udekwe

Step-by-Step Guide: Setting Up Azure Entra ID with Domain Names and User Management

Introduction

What is Azure Entra ID?

Azure Entra ID, originally known as Azure Active Directory (Azure AD), is a cloud-based identity and access management service provided by Microsoft. It provides an efficient and secure way to control user identities and grant access to cloud-based resources, services, and apps. Azure Entra ID supports role-based access control, multifactor authentication, and single sign-on (SSO), which help businesses enhance security and expedite user management in both on-premises and cloud environments.

Now that we know what Entra ID is, let's set one up!

Prerequisites

Steps

Step 1: Create a Domain Name

i. Create a domain name with a domain name provider; something simple and cheap will do. Below is my domain name, which I created with Namecheap.

my domain name

Step 2: Create an Email Address.

i. Create an email address for this task, whether or not you have created an Azure portal account before. A Hotmail, Outlook or Gmail address will do. For this task I created a new Hotmail account, so you can do the same.

Step 3: Create an Azure Cloud Account.

i. Create an Azure cloud account with this link. You can get 200 free credits if you are creating the Azure account for the first time; otherwise you will have to use the pay-as-you-go model to set up your subscription.

Step 4: Create a DNS Zone

i. In the Azure portal account you just created, search for DNS Zone and click on Create or Create DNS zone. Either one will work.

A DNS zone is a resource that contains the DNS records for a specific domain, allowing you to manage the domain's DNS settings such as IP addresses and mail exchange servers.

ii. Under Project details, in Subscription, pick the subscription that is there by default. In Resource group, click Create new and enter a name of your choice.

Under Instance details, in Name, enter the domain name you created in Step 1. For Resource group location I picked Canada East. Then click Review + create.

naming

iii. You should see a page like this if you do everything properly. Click Create.

DNS Zone created

iv. You should see the image below.

deployment

v. Click on Go to resource to see your DNS name servers. I circled them for you to see.

DNS Servers

Step 5: Configure Nameservers on Namecheap

i. If you used Namecheap as your domain provider, navigate to Domain List on the left and click Manage on the right.

navigation

ii. Scroll down and you will see the nameservers section. Click the dropdown circled and pick Custom DNS.

custom dns

iii. From Step 4, number v, copy all the circled nameservers and paste them into the Namecheap nameserver lines, then press the green tick just above them to save them all.

nameserver

Step 6: Create a Custom Domain

i. In a new tab, open the Entra ID link. Leave the Azure portal tab open, as we will need it later.

ii. In Entra ID, on the left side, navigate to Identity >> Settings >> Domain names. Click on Add custom domain.

Add custom domain

iii. Add the domain name you created in this project and click Add domain.

domain name

iv. Click on verify just below.

verify

v. Back in your Azure portal tab, click on Record set.

vi. Copy the '@' under Alias or host name from the Entra ID tab and paste it into the Name field of the Add record set section in the Azure portal tab.

vii. In Entra ID the record type is 'TXT'; pick it from the drop-down in the Azure portal.

viii. The TTL in Entra ID is 3600 seconds, which is equivalent to 1 hour, so pick 1 hour in the Azure portal.

ix. Copy the value under Destination or points to address in Entra ID and paste it under Value in the Azure portal. Click OK to create the record set.

record set

x. You will see the record created, just like the one below.

created record

xi. Go back to the Entra ID tab and navigate to the custom domain names. We want to make the custom domain we created the primary domain. At present it is not the primary domain; the default one given to us by Azure is.

primary domain

xii. Click on your domain name and tick the box that says Make primary. Whatever prompt you see, click 'Yes'.

xiii. If you go back to your custom domain and refresh the page, you will see that your custom domain is now the primary domain.

primary domain

Step 7: Create single and bulk Users in Entra ID

i. Navigate to Identity >> Users >> All users, click on the Create user drop-down, and then click on Create new user.

create user

ii. Enter the name you want in User principal name and Display name. You can use the auto-generated password, or untick it and create your own. Click Review + Create and then click on Create. Refresh your page and you will see your newly created user.

user creation

iii. To create users in bulk using the company's domain name, click on the Bulk operations drop-down and click Bulk create.

iv. Click on 'Download' to download the spreadsheet, and populate it with data.

demo

v. It should look like what is below. Under the user name, let the part after the '@' be your domain name. Populate everything with names of your choice and then download the spreadsheet as a CSV file. The passwords can be changed by the users after they use their credentials to log in. They do not need to keep the same passwords afterwards.

spread sheet

vi. Go back to the Entra ID page and then upload the downloaded file and then click submit.

upload

vii. Refresh the page and you will see all the users from the uploaded spreadsheet, just like mine below.

users data
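A pre-upload check for the bulk-create CSV from Step 7 v, as an added example that is not part of the original post: it flags user names whose suffix is not the custom domain, duplicate user names, and initial passwords that are short or reused across rows. The column headers, the `version:` first line, the 12-character minimum and the `example.com` sample rows are assumptions; match them to the template you downloaded and to your own policy.

```python
import csv
import io
from collections import Counter

# Column headers as assumed for the downloaded bulk-create template; adjust to match your file.
UPN_COL = "User name [userPrincipalName] Required"
PWD_COL = "Initial password [passwordProfile] Required"

# Constructed sample rows (example.com stands in for the custom domain from Step 1).
SAMPLE_CSV = """version:v1.0
Name [displayName] Required,User name [userPrincipalName] Required,Initial password [passwordProfile] Required,Block sign in (Yes/No) [accountEnabled] Required
Ada Obi,ada@example.com,Welcome123!,No
Ben Eze,ben@example.com,Welcome123!,No
Chi Ude,chi@examp1e.com,q7#Lm2vX9pRt,No
Ada O.,ADA@example.com,Zx4$kP8wNb2s,No
"""

def check_bulk_csv(text, domain, min_len=12):
    """Return a list of (file_line, problem) for rows to fix before upload."""
    lines = text.splitlines()
    # Assumed template layout: a version marker on line 1, then the header row.
    offset = 1 if lines and lines[0].lower().startswith("version:") else 0
    rows = list(csv.DictReader(io.StringIO("\n".join(lines[offset:]))))
    pwd_counts = Counter(r[PWD_COL] for r in rows)
    seen, problems = set(), []
    for i, row in enumerate(rows, start=offset + 2):  # line number in the file
        upn, pwd = row[UPN_COL].strip(), row[PWD_COL]
        local, _, suffix = upn.rpartition("@")
        if not local or suffix.lower() != domain.lower():
            problems.append((i, f"{upn}: suffix is not {domain}"))
        if upn.lower() in seen:  # user principal names are compared case-insensitively
            problems.append((i, f"{upn}: duplicate user principal name"))
        seen.add(upn.lower())
        if len(pwd) < min_len:  # min_len is an assumed local policy, not a platform limit
            problems.append((i, f"{upn}: initial password shorter than {min_len}"))
        if pwd_counts[pwd] > 1:
            problems.append((i, f"{upn}: initial password shared with another row"))
    return problems

if __name__ == "__main__":
    for line_no, problem in check_bulk_csv(SAMPLE_CSV, "example.com"):
        print(f"line {line_no}: {problem}")
```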

Step 8: Assigning Roles and Groups.

i. Click on the user you want to assign a role to. We will be assigning an administrative (admin) role in this project. After clicking on the user, click on Assigned roles and then Add assignments.

role assignment

ii. Assign Global Administrator if you want the person to be in charge of the Azure account and accountable for all that happens in it. It is not a role to hand out to just anyone. You can read the permissions the person gets, which I highlighted. Then go ahead and click Add.

global admin

iii. Click on audit logs to see a list of activities happening in the administrative user's account.

audit log

iv. Go back to your users and then, on the left side, navigate to Identity >> Groups >> All groups and click on New group.

group creation

v. Fill in the fields with what you want, like I did in mine below. Click on No owners selected and pick a user of your choice, then click on No members selected and select the users to be members of that group. With No owners selected, you are choosing who will be in charge of the group you've created. Click Create. Refresh your page and you will see the group you created. Click on it to see an overview of all you did.

populate

vi. This is what yours should look like when you are done creating the group and assigning owner and members to the group. Click on the group created. I have a total of 6 members and one owner. I added the owner as a member so they can have member privileges too.

group creation
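A way to review the Global Administrator assignment from Step 8 ii in the audit log from Step 8 iii, as an added example that is not part of the original post: it replays role add and remove events from exported audit records and reports who granted the role to whom and who holds it now. The record field names, the activity names and the sample events are assumptions about the export format; check them against your own export.

```python
import json

WATCHED_ROLE = "Global Administrator"  # the role assigned in Step 8 ii
ROLE_ACTIVITIES = ("Add member to role", "Remove member from role")

def _event(when, activity, actor, target, role, result="success"):
    """Build one constructed record; the field names are an assumed export shape."""
    key = "newValue" if activity.startswith("Add") else "oldValue"
    prop = {"displayName": "Role.DisplayName", key: json.dumps(role)}
    return {"activityDateTime": when, "activityDisplayName": activity, "result": result,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"userPrincipalName": target, "modifiedProperties": [prop]}]}

# Constructed sample events (example.com stands in for the custom domain).
SAMPLE = [
    _event("2024-05-01T09:00:00Z", ROLE_ACTIVITIES[0], "owner@example.com", "ada@example.com", WATCHED_ROLE),
    _event("2024-05-01T09:05:00Z", ROLE_ACTIVITIES[0], "owner@example.com", "ben@example.com", "User Administrator"),
    _event("2024-05-02T23:40:00Z", ROLE_ACTIVITIES[0], "ada@example.com", "chi@example.com", WATCHED_ROLE),
    _event("2024-05-03T08:00:00Z", ROLE_ACTIVITIES[0], "ben@example.com", "ben@example.com", WATCHED_ROLE, "failure"),
    _event("2024-05-04T10:00:00Z", ROLE_ACTIVITIES[1], "owner@example.com", "chi@example.com", WATCHED_ROLE),
]

def role_changes(records, role=WATCHED_ROLE):
    """Return (time, action, actor, target) for each successful add/remove of `role`, oldest first."""
    found = []
    for rec in sorted(records, key=lambda r: r["activityDateTime"]):
        activity = rec.get("activityDisplayName", "")
        if rec.get("result") != "success" or activity not in ROLE_ACTIVITIES:
            continue
        actor = (rec.get("initiatedBy", {}).get("user") or {}).get("userPrincipalName", "unknown")
        for target in rec.get("targetResources", []):
            for prop in target.get("modifiedProperties", []):
                value = prop.get("newValue") or prop.get("oldValue") or ""
                if prop.get("displayName") == "Role.DisplayName" and value.strip('"') == role:
                    action = "add" if activity == ROLE_ACTIVITIES[0] else "remove"
                    found.append((rec["activityDateTime"], action, actor, target.get("userPrincipalName")))
    return found

def current_holders(records, role=WATCHED_ROLE):
    """Replay the changes to get who holds `role` according to the log."""
    holders = set()
    for _, action, _, target in role_changes(records, role):
        holders = (holders | {target}) if action == "add" else (holders - {target})
    return holders

if __name__ == "__main__":
    for change in role_changes(SAMPLE):
        print(*change)
    print("holders:", sorted(current_holders(SAMPLE)))
```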

Conclusion

To sum this up, this tutorial offered a comprehensive method for configuring and overseeing Azure Entra ID, encompassing the creation of domain names, email addresses, and DNS zones, in addition to setting up custom domains and handling users, roles, and groups. You can set up a safe and effective identity management system for your cloud environment by following these steps. With Azure Entra ID, you can improve security and streamline user management for both on-premises and cloud services.

Top comments (4)

Ogonna Angela Umeh

Very detailed. I love this

Adaeze Nnamdi-Udekwe

Thank you so much.

Odubote Damola Daniel

Great Job!
This is really comprehensive Ada!!

Thank you so much

Adaeze Nnamdi-Udekwe

It's my absolute pleasure.