Earlier this year, we shipped a preview of employee self-service app access for Azure AD to help our enterprise IT customers streamline their app access request and approval processes. This feature allows employees to add more applications in their Azure AD access panel, and allows IT to create optional approval workflows that puts app access grant decision making in the hands of a department lead or other delegated administrator. To everyone who tried and it provided feedback, thank you!
This feature is now generally available as part of Azure AD Premium, and we’ve added some cool new features to give delegated administrators even more control.
In addition to approving requests, delegated admins now get a control panel in the Azure AD access panel that allows them to see which apps they manage access for, and also directly assign and remove user access to those apps. Here’s what the app control panel looks like for Google Apps:
This control panel allows team leads to directly grant app access to employees without IT involvement, and without requiring the employee to file a request.
What’s more, if the application has been configured using password-based single sign-on, the delegated admin can also be granted the ability to set the app usernames and passwords on behalf of the users.
For more information, check out our article on self-service app access and delegated management at https://azure.microsoft.com/en-us/documentation/articles/active-directory-self-service-application-access/.
As always, we’d love to receive any feedback or suggestions you have!
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Services and Products