Export (0) Print
Expand All

Introduction to the Access Panel

Published: July 8, 2013

Updated: June 26, 2014

Applies To: Azure

noteNote
For feedback, click here.

For more information about this topic, see Best Practices for Managing the Application access enhancements for Azure Active Directory.

The Access Panel is a web-based portal that allows an end user with an organizational account in Azure Active Directory to view and launch cloud-based applications to which they have been granted access by the Azure AD administrator. If you are an end-user with Azure Active Directory Premium, you can also utilize self-service group management capabilities through the Access Panel.
The Access Panel is separate from the Azure Management Portal and does not require users to have an Azure subscription.

Access Panel Applications

The Access Panel allows users to edit some of their profile settings, including the ability to:

  • Change the password associated with your organizational account

  • Edit multi-factor authentication-related contact & preference settings (for those accounts that have been required to use it by an administrator)

  • View account details, such as your User ID, alternate email, mobile and office phone numbers

  • View and launch cloud-based applications to which you have been granted access by the Azure AD administrator. For more information about the Access Panel from the end users’ perspective, see Using the Access Panel.

  • Self-manage groups. More specifically, you can create and manage security groups and request security group memberships in Azure AD. For more information, see Self-service group management for users and Manage your groups.

    ImportantImportant
    Self-service group management is only available when you have Azure Active Directory Premium.

Users access the Access Panel by visiting the following URL in a web browser:
http://myapps.microsoft.com

This URL must be distributed to all users who will be signing into applications integrated with Azure AD.

In order to reach the Access Panel, a user must be authenticated using an organizational account in Azure AD.
A user can be authenticated to Azure AD directly.
Alternatively, if an organization has configured federation using ADFS or other technologies, users can be authenticated by Windows Server Active Directory.

If a user has a subscription for Azure or Office 365 and has been using the Azure Management Portal or an Office 365 application, then they will be presented the list of applications without needing to sign in again. Users who are not authenticated will be prompted to sign in using the username and password for their account in Azure AD.
If the organization has configured federation, then typing the username is sufficient.

Once authenticated, users will be able to interact with the applications that have been integrated with the directory by the administrator.
To learn how to integrate applications with Azure AD, see Application access enhancements for Azure AD.

At a minimum, the Access Panel requires a browser with support for JavaScript and CSS enabled. In order for the user to be signed on to applications using Password-based SSO, the Access Panel extension must be installed in the user’s browser. This Access Panel extension is downloaded automatically when a user selects an application that is configured for Password-based SSO.

At the present time, the Access Panel Extension is available for Internet Explorer 8 and later, Chrome, and Firefox browsers.

If you are an Azure administrator and you are signed into the Azure Management Portal using an account in the directory, you will be automatically signed into the Access Panel as your current administrator account. In this case, you can see all applications that have been assigned to this account.

  1. Click the user menu in the upper-right corner of the Azure portal or the Access Panel, and select “Sign Out”. This will sign you out of Azure AD.

  2. Go to the Access Panel at http://myapps.microsoft.com.

  3. In the sign in page, enter the username and password for the account in your directory that you want to test.

There are several types of applications that can appear on the Access Panel.

If an organization is using Office 365 applications and the user is licensed for them, then the Office 365 applications will appear on the user’s Access Panel.

When a user clicks on an application tile for an Office 365 application, they are redirected to that application and automatically signed in.

These are applications that the administrator has added in the Active Directory section of the Azure Management Portal with the single sign-on mode set to “Users authenticate with their account in Azure AD”. A user will only see these applications if they have been explicitly granted access to the application by the administrator.

When a user clicks on an application tile for one of these applications, they are redirected to that application and automatically signed in.

These are applications that the administrator has added in the Active Directory section of the Azure Management Portal with the single sign-on mode set to “Users authenticate with their existing application account”.
All users in the directory will see all applications that have been configured in this mode.

The first time a user clicks on an application tile for one of these applications, they will be prompted to install the Password SSO plugin for Internet Explorer or Chrome, which may require a restarting of their web browser. When they are returned to the Access Panel and click on the application tile again, they will be prompted for a username and password for the application. Once the username and password are entered, these credentials will be securely stored in Azure AD and linked to their account in Azure AD, and the Access Panel will automate signing the user in to the application using those credentials.

The next time a user clicks on the application tile, they will be automatically signed into the application without needing to enter the credentials again and without needing to install the Password SSO plugin again.

If a user’s credentials have changed in the target third-party application, then the user must also update their credentials which are stored in Azure AD. To update credentials, a user must select the icon in the lower-right of the application tile, and select “update credentials” to re-enter the username and password for that application.

These are applications that the administrator has added in the Active Directory section of the Azure Management Portal with the single sign-on mode set to “Users authenticate with their existing application account” as well as the identity provisioning.

The first time a user clicks on an application tile for one of these applications, they will be prompted to install the Password SSO plugin for Internet Explorer or Chrome, which may require a restarting of their web browser. When they are returned to the Access Panel and click on the application tile again, they will be automatically signed in to the application.

Some applications may require that a user change their password on first sign in. If a user’s credentials have changed in the target third-party application, then the user must also update their credentials which are stored in Azure AD. To update credentials, a user must select the icon in the lower-right of the application tile, and select “update credentials” to re-enter the username and password for that application.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft