Author : MD TAREQ HASSAN | Updated : 2020/11/13
- In Azure AD, all user accounts are granted a set of default permissions
- A user’s account access consists of the type of user, their role assignments, and their ownership of individual objects
- There are two types of user accounts in Azure AD:
  - Member user
  - Guest user
- Administrator roles in Azure AD allow users elevated access to control who is allowed to do what
- You assign these roles to a limited group of users to manage identity tasks in an Azure AD organization.
- If your user account has the User Administrator or Global Administrator role, you can create a new user in Azure AD by using either the Azure portal, the Azure CLI, or PowerShell
- A member user account is a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information
- A member user is meant for users who are considered internal to an organization and are members of the Azure AD organization
- Anyone who isn’t a guest user or isn’t assigned an administrator role falls into this type
- When someone new joins your organization, they typically have this type of account created for them
- Guest users have restricted Azure AD organization permissions
- When you invite someone to collaborate with your organization, you add them to your Azure AD organization as a guest user
- By default, Azure AD member users can invite guest users (this default can be disabled by someone who has the User Administrator role)
Creating directory user
- Go to: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
- Under Manage, select Users > New User
- The User pane now appears. Provide the following values:
- User Name: chris@contosomarketingXXXXXX.onmicrosoft.com. Use the domain name you noted earlier.
- Name: Chris Green
- Select Show Password, and copy it somewhere you can refer to it later
After creating user
- Ask the newly created user to sign in to Azure AD
- The user signs in with the temporary password shown at creation time
- The user must change the password at first sign-in
For a user created for POC purposes, do the following before using that account for Azure AD authentication:
- Sign out, then sign in with the newly created user ID and the temporary password
- Change the password at first sign-in
Deleting user
- In your Azure AD organization, under Manage, select Users.
- Select target user from the list.
- Select Delete user. If you don’t see that option, select More.
- When you’re asked to confirm your deletion, select Yes.
- You can also delete user accounts through the Azure portal, Azure PowerShell, or the Azure CLI.
- Azure CLI (the --id argument accepts a user principal name or object ID):
  az ad user delete --id <user principal name or object ID>
- When you delete a user, the account remains in a suspended state for 30 days. During that 30-day window, the user account can be restored
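The following script is an added example, not part of the original notes, that puts the two procedures above (creating a member user with a temporary password that must be changed at first sign-in, and soft-deleting a user and restoring it inside the 30-day window) into a repeatable Azure CLI runbook. It assumes an Azure CLI version whose `az ad user` commands are Microsoft Graph based (2.37 or later, where the flag is `--force-change-password-next-sign-in`), a session signed in with the User Administrator role, and a placeholder tenant domain; the restore call uses `az rest` against the Graph `directory/deletedItems` endpoint. When `az` is not on the PATH (or `AZ_DRY_RUN=1` is set) the functions print the commands they would run instead of executing them.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): Azure AD user lifecycle with the Azure CLI.
# Assumes az CLI >= 2.37, a signed-in User Administrator, and a placeholder domain.
set -eu

DOMAIN="${DOMAIN:-contosomarketingXXXXXX.onmicrosoft.com}"   # placeholder tenant domain

# Dry-run mode: print the az command line instead of running it. Enabled automatically
# when az is not installed, so the script can be read and tested offline.
AZ_DRY_RUN="${AZ_DRY_RUN:-}"
if [ -z "$AZ_DRY_RUN" ] && ! command -v az >/dev/null 2>&1; then AZ_DRY_RUN=1; fi

azcmd() {
  if [ -n "$AZ_DRY_RUN" ]; then
    printf '%s' az; for a in "$@"; do printf ' %s' "$a"; done; printf '\n'
    return 0
  fi
  az "$@"
}

# Only accept UPNs in the tenant's own verified domain (the "domain you noted earlier").
check_upn_domain() {
  case "$1" in
    *@"$DOMAIN") return 0 ;;
    *) echo "UPN $1 is not in $DOMAIN" >&2; return 1 ;;
  esac
}

# Random one-time password (24 URL-safe base64 chars); valid only until first sign-in.
temp_password() {
  head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

create_member_user() {            # $1 = UPN, $2 = display name, $3 = temporary password
  check_upn_domain "$1"
  azcmd ad user create \
    --user-principal-name "$1" \
    --display-name "$2" \
    --password "$3" \
    --force-change-password-next-sign-in true   # forces a password change at first login
}

delete_user() {                   # $1 = UPN or object ID; the object is soft-deleted
  azcmd ad user delete --id "$1"
}

# Soft-deleted users stay restorable for 30 days; list and restore them through Graph.
list_deleted_users() {
  azcmd rest --method get \
    --url "https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.user"
}

restore_user() {                  # $1 = object ID taken from list_deleted_users output
  azcmd rest --method post \
    --url "https://graph.microsoft.com/v1.0/directory/deletedItems/$1/restore"
}

# Full lifecycle for a constructed test user; run with RUN_LIFECYCLE=1 ./script.sh
main() {
  upn="chris@${DOMAIN}"
  pw="$(temp_password)"
  create_member_user "$upn" "Chris Green" "$pw"
  echo "Temporary password (hand over out of band, never commit it): $pw"
  delete_user "$upn"
  list_deleted_users
  restore_user "<object-id-from-deleted-items>"   # placeholder: paste the real object ID
}
if [ "${RUN_LIFECYCLE:-0}" = 1 ]; then main; fi
```

Run it once with `AZ_DRY_RUN=1 RUN_LIFECYCLE=1` to review the exact commands before touching the tenant; the printed temporary password is the only secret the script produces, and it is invalidated by the forced change at first sign-in.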