Azure Active Directory integration on BizTalk Portal
BizTalk Portal is now integrated with Azure Active Directory. This feature enables a few important scenarios, described below:
Log in to BizTalk Portal using organizational accounts
- Users can now use their organizational accounts to manage their BizTalk Services through the BizTalk Portal, provided their organizational accounts are associated with Azure Active Directory. Consider an organization 'contoso' which is integrated with Azure Active Directory. Any user from this organization (e.g. bob@contoso.com) can log in to the BizTalk Portal and manage the BizTalk Services he owns.
- A user logged in to BizTalk Portal using an organizational account can add more users from his/her organization using the 'Add User' button in the 'Settings' tab to manage the same BizTalk Service. For example, bob@contoso.com can invite mary@contoso.com, who is another employee in his organization (i.e. contoso), to manage the same BizTalk Service.
Log in to BizTalk Portal using your Microsoft accounts
- Users who don't want to use their organizational accounts or who don't have one can continue to use their Microsoft accounts (hotmail.com, live.com, outlook.com etc.) to manage their BizTalk Services through the BizTalk Portal. For example, bob@hotmail.com can manage BizTalk Services created in his personal subscriptions.
- A user logged in to BizTalk Portal using a Microsoft account can add other Microsoft accounts using the 'Add User' button in the 'Settings' tab to manage the same BizTalk Service. For example, bob@hotmail.com can invite mary@outlook.com to manage the BizTalk Service.
Automatic registration of the user who creates the BizTalk Service
- The user who creates the BizTalk Service on Azure Portal is automatically registered as administrator of the same on BizTalk Portal. He/she doesn't need to go through the (painful ? :)) process of copying the ACS secrets from Azure Portal and pasting them in the user registration page provided on the BizTalk Portal.
- A user can add more users through the steps mentioned in the sections above. Henceforth users probably won't even need to copy the secrets from Azure Portal. A user needs to do this only if he wants to go through the explicit user registration flow on BizTalk Portal.
Gotchas
- Microsoft accounts and organizational accounts cannot manage the same BizTalk Service - A BizTalk Service can be associated with either Microsoft accounts or organizational accounts. Therefore, all user accounts managing a particular BizTalk Service should be either Microsoft accounts or organizational accounts.
- Users from different organizations cannot manage the same BizTalk Service - A BizTalk Service can be associated with only one organization. Therefore, all organizational user accounts managing a particular BizTalk Service should belong to the same organization.
You will get the following error on the register account page in either of the cases mentioned above:
Microsoft Azure BizTalk Services deployment registration has failed.
Registration has failed..