Challenge

Here is a quick fix to a simple but bothersome challenge: there are users in your production active directory that are required to collaborate on an application that is currently under development or at least being tested in a non-production environment. How can you use your production user account within this development without having to log in with multiple user accounts?

Objectives

Using dynamyx.com as an example, I will demonstrate how to manage a development Azure instance using accounts from the production example: alomanto.com Azure Active Directory (AD). My secondary objective will be to add users from the alomanto.com Azure AD production environment to the dynamyx.com development Azure instance.

Steps

1. Create a Microsoft account, for example: azure@dynamyx.com.

2. Log onto the dynamyx.com Azure instance and add the Microsoft account – azure@dynamyx.com – as the Co-Administrator.

3. Add the Microsoft account to dynamyx.com as a user with the role Global Admin. 

4. Log onto the alomanto.com Azure instance and add a Microsoft account – azure@dynamyx.com – as the Subscription Admin. 

5. Add the Microsoft account – azure@dynamyx.com – to alomanto.com as a user with the role Global Admin.

6. Login to azure.portal.com with the Microsoft account. 

7. Navigate to the section Active Directory and select the dynamyx.com domain.

8. Click Add User and choose User in another Microsoft Azure AD Directory. In this case, a user account from the alomanto.com Azure AD, and provide them with Global Admin permission (adriano@alomanto.com). 

9. Add the user adriano@alomanto.com to the Subscription Admin. 

10. Log out of the Azure instance. 

11. Login with adriano@alomanto.com and you ought to be able to manage both of the directories.

Results

You are now able to add members from your production directory to your development directory.