{"id":4337,"date":"2022-09-19T09:59:23","date_gmt":"2022-09-19T16:59:23","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4337"},"modified":"2022-09-19T09:59:23","modified_gmt":"2022-09-19T16:59:23","slug":"how-to-enable-self-service-application-assignment-on-azure","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4337","title":{"rendered":"How to Enable Self-service Application Assignment on Azure"},"content":{"rendered":"\n<p>In this article, you learn how to enable self-service application access using the Azure Active Directory Admin Center.<\/p>\n\n\n\n<p>Before your users can self-discover applications from the&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/my-apps-deployment-plan\">My Apps portal<\/a>, you need to enable&nbsp;<strong>Self-service application access<\/strong>&nbsp;for the applications. This functionality is available for applications that were added from the Azure AD Gallery,&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/app-proxy\/application-proxy\">Azure AD Application Proxy<\/a>, or were added using&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/develop\/application-consent-experience\">user or admin consent<\/a>.<\/p>\n\n\n\n<p>Using this feature, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Let users self-discover applications from the My Apps portal without bothering the IT group.<\/li><li>Add those users to a pre-configured group so you can see who has requested access, remove access, and manage the roles assigned to them.<\/li><li>Optionally allow a business approver to approve application access requests so the IT group doesn\u2019t have to.<\/li><li>Optionally configure up to 10 individuals who may approve access to this application.<\/li><li>Optionally allow a business approver to set the passwords those users can use to sign in to the application, right from the business approver\u2019s My Apps portal<\/li><li>Optionally automatically assign self-service assigned users to an application role directly.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"prerequisites\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/manage-self-service-access#prerequisites\"><\/a>Prerequisites<\/h2>\n\n\n\n<p>To enable self-service application access, you need:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An Azure account with an active subscription.&nbsp;<a href=\"https:\/\/azure.microsoft.com\/free\/?WT.mc_id=A261C142F\">Create an account for free<\/a>.<\/li><li>One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.<\/li><li>An Azure Active Directory Premium (P1 or P2) license is required for users to request to join a self-service app and for owners to approve or deny requests. Without an Azure Active Directory Premium license, users cannot add self-service apps.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enable-self-service-application-access-to-allow-users-to-find-their-own-applications\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/manage-self-service-access#enable-self-service-application-access-to-allow-users-to-find-their-own-applications\"><\/a>Enable self-service application access to allow users to find their own applications<\/h2>\n\n\n\n<p>Self-service application access is a great way to allow users to self-discover applications, and optionally allow the business group to approve access to those applications. For password single-sign on applications, you can also allow the business group to manage the credentials assigned to those users from their own My Apps portal.<\/p>\n\n\n\n<p>To enable self-service application access to an application, follow the steps below:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Sign in to the&nbsp;<a href=\"https:\/\/portal.azure.com\/\">Azure portal<\/a>&nbsp;as a Global Administrator.<\/li><li>Select&nbsp;<strong>Azure Active Directory<\/strong>. In the left navigation menu, select&nbsp;<strong>Enterprise applications<\/strong>.<\/li><li>Select the application from the list. If you don&#8217;t see the application, start typing its name in the search box. Or use the filter controls to select the application type, status, or visibility, and then select&nbsp;<strong>Apply<\/strong>.<\/li><li>In the left navigation menu, select&nbsp;<strong>Self-service<\/strong>.<\/li><li>To enable Self-service application access for this application, set&nbsp;<strong>Allow users to request access to this application?<\/strong>&nbsp;to&nbsp;<strong>Yes.<\/strong><\/li><li>Next to&nbsp;<strong>To which group should assigned users be added?<\/strong>, select&nbsp;<strong>Select group<\/strong>. Choose a group, and then select&nbsp;<strong>Select<\/strong>. When a user&#8217;s request is approved, they&#8217;ll be added to this group. When viewing this group&#8217;s membership, you&#8217;ll be able to see who has been granted access to the application through self-service access.&nbsp;NoteThis setting doesn&#8217;t support groups synchronized from on-premises.<\/li><li><strong>Optional:<\/strong>&nbsp;To require business approval before users are allowed access, set&nbsp;<strong>Require approval before granting access to this application?<\/strong>&nbsp;to&nbsp;<strong>Yes<\/strong>.<\/li><li><strong>Optional: For applications using password single-sign on only,<\/strong>&nbsp;to allow business approvers to specify the passwords that are sent to this application for approved users, set&nbsp;<strong>Allow approvers to set user\u2019s passwords for this application?<\/strong>&nbsp;to&nbsp;<strong>Yes<\/strong>.<\/li><li><strong>Optional:<\/strong>&nbsp;To specify the business approvers who are allowed to approve access to this application, select&nbsp;<strong>Select approvers<\/strong>, select up to 10 individual business approvers, and then select&nbsp;<strong>Select<\/strong>.&nbsp;NoteGroups are not supported. You can select up to 10 individual business approvers. If you specify multiple approvers, any single approver can approve an access request.<\/li><li><strong>Optional:<\/strong>&nbsp;<strong>For applications that expose roles<\/strong>, to assign self-service approved users to a role, select&nbsp;<strong>Select Role<\/strong>, choose the role to which these users should be assigned, and then select&nbsp;<strong>Select<\/strong>.<\/li><li>Select the&nbsp;<strong>Save<\/strong>&nbsp;button at the top of the pane to finish.<\/li><\/ol>\n\n\n\n<p>Once you complete self-service application configuration, users can navigate to their My Apps portal and select&nbsp;<strong>Add self-service apps<\/strong>&nbsp;to find the apps that are enabled with self-service access. Business approvers also see a notification in their My Apps portal. You can enable an email notifying them when a user has requested access to an application that requires their approval.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"next-steps\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/manage-self-service-access#next-steps\"><\/a>Next steps<\/h2>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/enterprise-users\/groups-self-service-management\">Setting up Azure Active Directory for self-service group management<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Ref: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/manage-self-service-access\">How to enable self-service application assignment &#8211; Microsoft Entra | Microsoft Learn<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, you learn how to enable self-service application access using the Azure Active Directory Admin Center. Before your users can self-discover applications from the&nbsp;My Apps portal, you need to enable&nbsp;Self-service application access&nbsp;for the applications. This functionality is available for applications that were added from the Azure AD Gallery,&nbsp;Azure AD Application Proxy, or were <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4337\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[238,239],"tags":[1312,1311],"class_list":["post-4337","post","type-post","status-publish","format-standard","hentry","category-cloud","category-azure","tag-enable-self-service-application-assignment","tag-enable-self-service-application-assignment-on-azure"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4337"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4337\/revisions"}],"predecessor-version":[{"id":4338,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4337\/revisions\/4338"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}