There are three main components that you’ll need:
Azure Active Directory Tenant
As with regular Active Directory, you’ll define your users here. This will allow you to also use SSO with any other applications you have tied in with your AAD tenant. You should have a tenant by default – if not, or you want to create a new one, run through the following:
- Click New in the bottom left of the Azure portal
- Select App Services, Active Directory, Directory and then click Custom Create
- Enter the settings to create your new Azure Active Directory Services in the form that pops up
For my tenant, I’ve gone with JackRoss for the name, and JackRoss.onmicrosoft.com for the domain name. We’ll also need an Administrator user later on, so once your domain is ready, set one up now.
Azure Access Control Service
AAD hands user identities to trusted applications as SAML tokens. SharePoint understands SAML tokens. Awesome! Unfortunately, AAD issues SAML 2.0, and SharePoint only works with SAML 1.1. Luckily, the Access Control Service (ACS) in Azure understands both, so we can sit it in the middle and have it translate the tokens from one form to the other. To create your ACS, do the following:
- Click New
- Select App Services, Active Directory, Access Control Service and then click Quick Create
- Enter your settings to create the ACS
For my ACS, I’ve set jackross-acs.accesscontrol.windows.net as the namespace, and put it in the Southeast Asia region, where I keep all my Azure services. Until Australia gets its Azure datacentres (not too much longer), that’s as close as we get.
The SharePoint Virtual Machine(s)
Last, but not least, the SharePoint VM – or VMs, if you’re building a farm. I’m going with a single, all-in-one setup, as this is a proof of concept implementation. For this, I’ll be using the MSDN Developer image, which comes preinstalled with SQL Server, SharePoint 2013, and Visual Studio 2013. Even though this requires more steps, I’ll leave the precise implementation up to you.
You’ll also need to install the MSOL (Microsoft Online Services) components on a local computer, as they are required for the next step. Note that there are separate packages for 32-bit and 64-bit operating systems, and if you install the 64-bit version, you’ll need to specifically run the 64-bit PowerShell console. The package can be downloaded from here.
Coming up next: SharePoint, Claims, and Azure Active Directory – Part 2: Configuring AAD and ACS