Do not give company credentials out for social media accounts

If you are not doing it, you properly know someone who is doing it. Passing around company profile credentials to social media accounts for doing updates. But here is how you can make your empoyees do it without them having to know the credentials or remembering them.

Caption: Go to the Management Portal and locate your Windows Azure Active Directory

Caption: Search for your social media, here I am using Twitter as an example

Caption: We can configure signle sign on and assign users.

Caption: I am going to let WAAD store the password for the company account as I have no signle sign on configured with Twitter

Caption: Select a user and press assign.

Caption: Enter the credentials for the company profile

Caption: We are now done with configurating and you can now tell the employee to visit myapps.microsoft.com

Caption: The emploee will be navigated to the Windows Azure Active Directory login page. (At this point this only works for true WAAD users and not microsoft live accounts)

Caption: The employee then get to select the apps you have added for him, in this case twitter is showing now next to some apps i configured earlier

Caption: And just to show that this worked i have signed out from twitter.

Caption: Clicking Twitter will start the login flow. Note that to use this you must install a browser plugin for WAAD to use to pass the credentials into the login fields.

Caption: When navigated to the twitter page, the password and user is filled in by the browser plugin

Caption: And the user will be logged in. Without knowing the password.

So the steps are really simple and the post is more about letting your know that it’s possible. This also explains how Microsoft could get so many apps into the WAAD application catalog. They are not requiring the application owners to implement the WAAD application single sign on flows that you can get from creating your own multi organizational application on WAAD. However, for this purpose of giving an employee a way to sign on to your corporate twitter account, it sure is nice.



comments powered by Disqus