Microsoft Office 365 applications including Microsoft SharePoint and Microsoft Teams use Azure Active Directory to authenticate users .
Microsoft Teams allows Guest users to be added to a Team.
Azure Active Directory is used to support the Teams Guest user feature.
In the screenshot below John Doe with email address john@doe.com is added as a Guest user.
John Doe is being added as a Guest user.
Once John Doe has been added to the Team his account is included in the "Members and guests" list.
John has been added as a (guest) member of the Team
Switching to the Azure Portal we can see that an external (EXT) Active Directory account has been added for John Doe.
Azure Active Directory Users
We can use the same Azure Active Directory user list to authenticate users accessing a custom "Who am I" web application.
The key step is the creation of an "application registration".
Navigate to the Azure Active Directory service and select App registrations page.
Navigate to Azure Active Directory and select App registrations
Click the "+ New registration" button
Enter the user-facing display name "who am i" in this case.
Enter the redirect uri (this is the address the user will be directed to once they have successfully entered their credentials).
We need to create a client secret
Application (client) ID 63fe01c7-f396-484e-8a48-760f********
Directory (tenant) ID 1661e837-0a95-4bc6-a655-8653********
Client secret -~nGgWS3F7y~-o2etNGc0BW_ik_*******
package.json
index.js
To test the who-am-i web application we can navigate to http://localhost:3000
We attempt to navigate to http://localhost:3000
We are redirected to the Azure Active Directory Sign in page (unless federated identity management is enabled).
Once we have entered a correct email/username and password...
...we are asked consent to having our personal details passed to the "who am i" application (unless two factor authentication is enabled).
In this case we are redirected to "/redirect" and the name of the authenticated user is displayed
