How to: Add Portal Administrators
Published: April 7, 2011
Updated: February 21, 2014
Applies To: Windows Azure
Windows Azure Active Directory Access Control (also known as Access Control Service or ACS)
In Windows Azure Active Directory Access Control (also known as Access Control Service or ACS), portal administrators are users who have access rights to a particular Access Control namespace in the ACS Management Portal. This topic explains how to add portal administrators. For more information about portal administrators, see Portal Administrators.
Summary of Steps
To add new portal administrators, complete the following steps:
Step 1 – Review Identity Providers in the Access Control Namespace
When you create an Access Control namespace, ACS creates a default portal administrator account. The value is Windows Live ID (Microsoft account) of the user who created the Access Control namespace. ACS also adds Windows Live ID as an identity provider. If the user account that you want to promote is hosted by an identity provider other than Windows Live ID, you need to add that identity provider to the Access Control namespace and then promote the user account.
The ACS Management Portal uses federated identities for management. As a result, administrative accounts in the portal are hosted by identity providers, not by the Access Control namespaces. To promote a user to an ACS portal administrator, you must first add the identity provider that is hosting the user account to the Access Control namespace.
To add an identity provider
Go to the Windows Azure Management Portal, sign in, and then click Active Directory (Troubleshooting tip: "Active Directory" item is missing or not available).
To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)
Click Identity providers.
If the identity provider that hosts the user account is not listed, add the identity provider. For more information, see Identity Providers.
Step 2 – Add a Portal Administrator
After the identity provider that host the user account is added to the namespace, you can promote the user to a portal administrator.
To add a portal administrator
In the ACS Management Portal, click Portal administrators and then click Add.
On the Add Portal Administrator page, select the identity provider that hosts the user account.
In Identity claim type, select a claim type that can uniquely identify the user. By default, the menu displays all claim types that are supported by the identity provider and included in the metadata that ACS imports.
Important It is critically important that the selected claim type uniquely identify an individual user account (or a security group). The following claim types qualify.
NameIdentitifer (if the value is known)
In Identity claim value, enter a value for the claim type. For example, if you selected an EmailAddress claim type, enter the email address of the user, such as firstname.lastname@example.org.
Important In ACS 2.0, identity claim values are case-sensitive.
In Description, enter a description for the portal administrator. This field is optional.
If a claim type is supported by the identity provider, but is not listed, you can use the Enter claim type option to create a custom claim type. In the value of the Enter claim type option, specify the URI for the custom claim type.
Step 3 - Provide the Portal URL to the Portal Administrators
When you save a new portal administrator, the ACS Management Portal redirects you to the Portal Administrators page. The display includes a URL that can open the management portal for the namespace. Provide this URL to the new portal administrator.
|The portal administrator URL cannot be used to access the Windows Azure Management Portal to add or manage other Access Control namespaces.|
ConceptsACS How To's