ACS Management Portal
Updated: June 19, 2015
Applies To: Azure
Important
ACS namespaces can migrate their Google identity provider configurations from OpenID 2.0 to OpenID Connect. Migration must be completed before June 1, 2015. For detailed guidance, see Migrating ACS Namespaces to Google OpenID Connect.
You can use the ACS Management Portal to configure the following components of Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS):
Identity providers—Such as Windows Live ID (Microsoft account), Google, Facebook, Yahoo!, and WS-Federation identity providers (for example, ). For more information, see Identity Providers.
Relying party applications—These are your web applications or services that you want to interact with ACS. For more information, see Relying Party Applications.
Rule groups and rules—Rules, contained in rule groups, define which claims are passed from identity providers to relying party applications. For more information, see Rule Groups and Rules.
Certificates and keys—In an Access Control namespace, these credentials are used for token signing, encryption, and decryption. For more information, see Certificates and Keys.
Service identities—Autonomous applications and services can use these credentials to authenticate directly with ACS and receive tokens. For more information, see Service Identities.
Portal administrators—You can grant administrative access to the ACS Management Portal for a specific Access Control namespace to users from selected identity providers. For more information, see Portal Administrators.
Management Service—You can use the ACS Management Portal to add new or manage existing accounts for accessing the ACS Management Service. For more information, see ACS Management Service.
In addition to the previous list, you can also use the ACS Management Portal’s Application Integration section to get the code required to integrate ACS with your relying party applications.
Working with the Management Portal
The following section describes how to navigate the ACS Management Portal in order to configure various components of ACS.
You can launch the ACS Management Portal though the Azure Management Portal. To launch the ACS Management Portal, you must first create a new or have an existing Azure namespace. For detailed instructions, see How to: Create an Access Control Namespace.
When an Access Control namespace is created, it is provisioned with a single portal administrator account. This is the same account that is used to create the Access Control namespace in the Azure Management Portal. This account is immutable and cannot be deleted within the Access Control namespace.
To launch the ACS Management Portal
Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available)
To create an Access Control namespace, click New, click App Services, click Access Control, and then click Quick Create. (Or, click Access Control Namespaces before clicking New.)
To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)
In the ACS Management Portal Home page, you can do the following:
To add new or manage existing relying party applications, click Relying party applications.
To add new or manage existing identity providers, click Identity providers.
To add new or manage existing rule groups and rules, click Rule groups.
To add new or manage existing certificates and keys, click Certificates and Keys.
To add new or manage existing service identities, click Service identities.
To add new or manage existing portal administrators, click Portal administrators.
To add new or manage existing accounts for accessing the ACS Management Service, click Management service.
To get the code required to integrate ACS with your relying party applications, click Application integration.
Signing Out of the ACS Management Portal
When you use a Windows Live ID (Microsoft account) administrative account to access the ACS Management Portal, and then you click the Sign Out link, you are signed out of the ACS Management Portal and out of your Windows Live ID (Microsoft account). If you access the ACS Management Portal with a Google, Yahoo!, or Facebook administrative account, the Sign out link signs you out of the ACS Management Portal, but it does not sign you out of your identity provider.
Localization in Eleven Languages
The ACS Management Portal and the ACS-hosted login page for relying party applications now support localization in eleven written languages, including English, French, German, Italian, Japanese, Korean, Russian, Spanish, Portuguese (Brazil), Simplified Chinese, and Traditional Chinese. An “English (International)” option is also available that uses an alternate date format for setting and displaying effective/expiration dates for keys. The written language displayed for these user interfaces can be changed in one of the following three ways:
Language Selector – In the ACS Management Portal, the displayed language can be instantly changed using a new language selector menu that appears in the upper-right corner of the portal.
URL – The language displayed in the ACS Management Portal can be changed by adding a “lang” parameter to the end of the request URL. The legal values for this parameter are ISO 639-1/3166 language codes that correspond to a supported language. Examples values include en, de, es, fr, it, ja, ko, ru, pt-br, zh-cn, and zh-tw. Below is an example ACS Management Portal URL with a parameter setting the displayed language to French:
Web Browser Preferences – If the “lang” URL parameter or language selector has never been used to set a language preference, then the ACS Management Portal and ACS-hosted login pages will determine the default language to display based on the language preferences set in the web browser settings.