Microsoft this week announced a new Azure Active Directory group-based license management scheme that’s at the preview stage, plus Azure Active Directory integration with Slack.
Slack is a maker of collaboration software that competes with Microsoft’s new Teams service. Microsoft has announced that its Teams collaboration service, currently at the beta stage, is expected to get commercially released sometime this quarter. Despite those implicit competitive tensions between the two companies, the Slack and Microsoft Azure AD teams found time to collaborate on enabling “federated single sign-on” access for Slack users, as well as Azure AD automated provisioning.
The federated single sign-on access aspect didn’t get much of a description in Microsoft’s announcement. Presumably it means that Slack users can have their local credentials tied to Azure AD, via a federation server, so that they don’t have enter a password twice to access services.
The Azure Active Directory automated provisioning capability for Slack will enable the following capabilities, according to Microsoft’s announcement:
– Enable the provisioning of Slack users based on their Azure AD “group membership or account status,” and
– Permit the creation and management of groups in Slack “based on groups in Azure AD and Active Directory.”
The automated provisioning capability enabled via Azure AD will require that organizations have Slack Plus, or better, licensing in place, or they’ll need to be licensed to use Slack’s new Enterprise Grid management product. The Azure AD automated provisioning capability is enabled via Slack’s SCIM API, which is designed for use by Slack’s single sign-on partners. However, the use of this API requires having a Slack Plus plan in place or better, Microsoft’s tutorial document on the topic clarified.
Group-Based Licensing Management Preview
Microsoft also issued a preview this week of a new way to automatically assign and remove software licenses for end users using Azure AD. This “Azure AD group-based license management” scheme is based on the use of a “license template,” which gets assigned to an Azure AD security group. Once that’s set up, “Azure AD will automatically assign and remove licenses as users join and leave the group,” Microsoft’s announcement explained. The feature avoids having to use PowerShell to automate this capability.