Previously, I blogged about extending your on-premises Active Directory to Windows Azure by using the Azure AD Sync tool. In this post, I will show you how users can authenticate to Visual Studio Online with Azure Active Directory.
Before We Get Started
If you have not already configured your on-premises domain for Azure Active Directory synchronization, refer back to my first post on Azure Active Directory sync. I’ll wait until you’ve set up your Azure Active Directory…
Welcome back!
From here on out, I’ll assume you have already set up your Azure Active Directory sync.
Create a New Visual Studio Online Account
To get started, browse over to the Visual Studio website. From the Visual Studio homepage, sign up for a new account.
After clicking the “Sign up” link, you’ll be prompted to sign into Visual Studio Online with your Microsoft Account.
Don’t do this.
Instead, locate the link that says “Sign in with your work or school account”, as shown below. This link will allow you to use your Azure Active Directory synced account when creating a new Visual Studio Online account.
As I’ve shown below, I am logging in with my Brosteins domain account (mike@brosteins.com).
After I’ve authenticated with credentials from the Brosteins’ Azure Active Directory domain, the normal Visual Studio Online registration process continues. Note the message stating, “Only users in the Brosteins directory will be able to access this account.” This means that a user who does not belong to your Azure Active Directory cannot log into Visual Studio Online. On the surface this seems innocuous, but what if you have outside consultants with MSDN accounts that do not belong to your Azure Active Directory domain? There is an easy workaround, described below under “What About External Users?”
After you have specified the account URL, you must create your first Project. I’ve created a Sample Project.
What About External Users?
Now that you’ve created your Visual Studio Online account and first Project, you will want to give additional people access to the account. In the “Users” area, it is easy to add new users and assign licenses to people within your Azure Active Directory Domain.
But what about external users?
Although I have several users in the Brosteins Azure Active Directory domain, I want users external to my organization to contribute to Visual Studio Online projects. For example, my brother’s MSDN account is not linked to the Brosteins domain – it’s actually linked to his personal email account at Gmail.
When I try to add him as a user, Visual Studio Online cannot find him in the Brosteins Azure Active Directory.
To remedy this issue, browse to the Azure Management Portal and open your Azure Active Directory.
Navigate to the “Users” tab and click “Add User” at the bottom – we’re going to add Nick as an external Microsoft Account user to the Brosteins Azure Active Directory. For the type of user, select “user with an existing Microsoft account” and enter the Microsoft Account email address.
On the next tab, complete the user’s profile. Now, this user will appear in your Azure Active Directory.
After I have added Nick as a user in the Brosteins Azure Active Directory, he appears as a valid account I can assign permissions to within Visual Studio Online.
Your Turn!
Now that you know you can use your existing on-premises domain credentials to authenticate users to Visual Studio Online with Azure Active Directory, it’s your turn to get started!
Thank you for your article. It helped me solve a puzzle. Still have some other puzzles though :D. How can I “transfer” an existing account from a Microsoft account to a Work account (Office 365)? My intention is to simplify user management for VSO.
Thanks.
Anyone have an answer to this? I find myself in the same predicament.
Thanks Colin and Panji. Check out this article: https://www.visualstudio.com/en-us/get-started/setup/manage-organization-access-for-your-account-vs, which should allow you to configure an account to connect with an Azure AD instance. Keep in mind that your Microsoft account needs to be added to the Azure AD instance as a “Microsoft Account”.