App Store Wiki

User Tools

Site Tools

Trace:
general:registering_an_organziation_with_the_app_store

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
general:registering_an_organziation_with_the_app_store [2020/02/28 10:30] sugeneral:registering_an_organziation_with_the_app_store [2022/06/09 08:37] (current) su
Line 1: Line 1:
-====== Reigstering an Organization with the App Store ======+====== Registering an Organization with the Industrial App Store ======
  
-If an organization uses Microsoft Azure Active Directory, we recommend they register with the app store to enable their employees to log in securely with work credentials.+If an organization uses Microsoft Azure Active Directory (AAD), we recommend that they register with the Industrial App Store.
  
-//Some more reading and instructions on the organization registration process...//+  * [[https://appstore.intelligentplant.com/Onboarding/SignUp|Organization Registration Sign Up Page]]
  
-  * [[https://appstore.intelligentplant.com/nuget/downloads/App%20Store%20Organisation%20Registration.pdf|About Organization Registration]]+Registering allows the Industrial App Store to delegate the responsibility of user authentication to your organization's Azure Active Directory. 
 + 
 +//**Registering has the following advantages:**// 
 + 
 +  * Single Sign-On is enabled for users, meaning they can log in to the Industrial App Store with their work credentials. 
 +   
 +  * Organizations can enforce the use of security features such as multi-factor authentication (MFA) when signing users in.  
 + 
 +  * Organizations can control who can sign in to IAS via AAD groups. 
 + 
 +  * Organizations can review Industrial App Store sign-in activity via Azure Portal. 
 + 
 +//Organizations can remove the Industrial App Store from their approved application list at any time. Registering **does not allow** Intelligent Plant to browse an organization's Azure Active Directory, view or modify group memberships, or obtain secure credentials such as passwords.// 
 + 
 +//For more information about how Azure AD supports user sign-in, refer to Microsoft's notes on [[https://docs.microsoft.com/en-us/azure/active-directory/develop/application-consent-experience|Understanding Azure AD application consent experiences]].// 
 +  
 +===== Who can Register an Organization? ===== 
 + 
 +To register with the Industrial App Store, your organization must use Microsoft Azure Active DirectoryIf your organization uses Microsoft 365 Enterprise, (formerly Office 365) you are already using Azure Active Directory! 
 + 
 +To be able to register your organization, you must be assigned to one of the following [[https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator--company-administrator|Azure Active Directory Roles]]: 
 + 
 +  * Global Administrator 
 +  * Application Administrator 
 +  * Cloud Application Administrator 
 + 
 +If you are unsure if you have the required permissions, contact your IT administrator. 
 + 
 + 
 +===== How does Organization Registration Work? ===== 
 + 
 +On successful registration, **Intelligent Plant Industrial App Store** is added to your organization's AAD Enterprise Applications list. 
 + 
 +IT administrators can view registered applications and configure or review user access via Azure Portal. 
 + 
 + 
 +===== What Permissions are Requested? ===== 
 + 
 +The Industrial App Store requests the [[https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions|"Sign in and read user profile"]] permission for the [[https://docs.microsoft.com/en-us/graph/|Microsoft Graph]]. This permission (also known as ''User.Read'') allows the Industrial App Store to retrieve basic information about your organization's users when they sign in to personalise their experience. For more info on how this data is used, refer to our [[https://appstore.intelligentplant.com/Content/assets/legal/IAS-PrivacyPolicy.html|Privacy Policy]]. 
 + 
 +Consent for this scope is requested on behalf of your organization, which is why you must be in one of the required administrative roles described above in order to grant this consent.  
 + 
 +The Industrial App Store previously used Microsoft's [[https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-overview|Azure AD Graph]] to retrieve user information. When registering your organization, you may see "Sign in and read user profile" listed twice in the requested permissions (once for the Microsoft Graph and once for the Azure AD Graph): 
 + 
 +{{:general:orgs:ias_aad_permissions.png?200|}} 
 + 
 +Microsoft has announced that the Azure AD Graph is being retired in favour of the Microsoft Graph. Requesting the permission from both APIs allows the Industrial App Store to maintain backwards compatibility until support for the Azure AD Graph is removed.
  
-  * [[https://appstore.intelligentplant.com/Onboarding/SignUp|Organization Registration Sign Up Page]] 
  
-  * [[https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin|Azure AD Connect user sign-in options]] 
general/registering_an_organziation_with_the_app_store.1582885855.txt.gz · Last modified: 2020/02/28 10:30 by su