Driving engagement with your organisation through the Office 365 Video Portal

Image_EasilyConsumerVideo_713x354

Back in November 2014 Microsoft announced the release of the Office 365 Video Portal. This was the first of the so named NextGen portals Microsoft aims to release. We gained an internal Video portal within each Office 365 tenant backed by the power of the Azure Media services platform. This was also the first time we had received a service at MVP (minimum viable product) stage. So the community and customers alike began to watch the Office 365 teams roadmap closely and provide feedback via their UserVoice channel.

Introduction to the Video Portal

I won’t spend a huge amount of time explaining every detail about the Video Portal, but if you’re new to Office 365 here is a little more about the Video Portal services.

Video Portal

The Video Portal is the main ‘Hub’ experience, it is the entry point when you navigate to the Video Portal from the application launcher tile. It displays a spotlight of selected videos, trending video aggregation, upto three video channel video aggregations and a channel directory. Video Portal admins can make various settings changes such as the spotlight video selections and the permissions for the portal.

Video Channel

The Video Channels are logical collections of videos. They feature a spotlight, trending aggregations and actually store the videos (for the technical amongst us it’s a little more complex than that). Each channel has settings like the spotlight video selections, Yammer group selection and colour for the header, plus permission.

Video playback page

The playback page is where you can watch the video, discuss it on Yammer, see suggested videos.

Microsoft published a good overview…

Read about the service from the Office 365 site.

To find the indepth help and instructions for the Office 365 Video Portal visit the https://support.office.com site.

Office Mix

At the same time that the Video Portal was announced a little known app called Office Mix also gained the ability to publish directly to the portal. Office Mix is an awesome addition to PowerPoint which helps employees to create interactive video presentations, you can read more about the features over in the tutorial section of their site. Combining both Office Mix and the Office 365 Video Portal opens up many new opportunities to leverage the powerful Office Mix capabilities and still use them within Office 365.

So where can Office Mix help your organisation?

You can use Office Mix when:

  • You need to prepare a presentation for your team, customer or partners and have read-only mode with the animations and transitions
  • You need to improve knowledge sharing, adding voice, video and digital ink to your slides
  • You need to understand who watched which portions of your content, and survey your audience to gain feedback and insights
  • You need to support e-Learning scenarios, turn PowerPoint into a tool which saves time and money allowing experts to produce and publish their content
  • Share pre-recorded mixes for the meeting presentation prior to the meeting, freeing up the meeting time for discussion and actions

You can find out more about Office Mix for business here.

So you can see the this collaboration between Office Mix and Office 365 Video Portal will allow your employees to produce content in a more interactive fashion. This is an area of your Office 365 rollout which really supports employees during their working processes. Publishing these videos into the Video Portal then makes them easier to discover via Delve and other sites.

Where do you use the videos?

So hopefully your organisation has made use of the Video Portal and has a vibrant collection of channels. It’s always better to bring those videos into other information contexts.

You can embed a video anywhere across your SharePoint Online, and with hybrid on-prem SharePoint. Microsoft have a great article on their support site which details the steps. This will help your employees make use of video to support other content. Examples like a mobile phone video uploaded with a site visit, then embedded on a best practices team site for discussion.

Delve is a great way to discover video content being produced across your teams and departments. Using Delve you can add those to Boards or Favourites so you can find them later.

The videos can also be embedded into the Delve modern blog articles, again helping to make those articles much more media and context rich.

Understanding the stats

Just released are the video statistics. You can find all the details here.

The most exciting part of the new stats is the ability to see inside the viewing stats. Video is such a rich media that simple view counts don’t really cut it. The new stats (from Feb 19th 2016 onwards) will begin to show a breakdown of the viewer engagement.

An example from the launch article:

Office 365 Video Viewer Engagement

Why is this cool?

Well lets imagine you have a month all hands meeting in which your CEO talks about the business strategy, sales wins and various reward announcements. These meetings are often recorded and published by the internal communications teams. The comms team will already be promoting the video via existing channels like Yammer/Slack and email. Now they can also understand the true engagement with the video and act accordingly. Imagine that at 48 minutes into the video the CEO made the most significant announcement which the comms team wanted people to see. From the graph above they can quickly see that less than half the viewers made it to that time in the video. This gives them opportunity to tailor new messaging about the missed communication.

Wrap up

Hopefully this has shown you a few options, features or tid-bits about the Video Portal that you can dove tail into your engagement and communication strategy within your organisation. Making better and deeper use of your existing Office 365 investments.

Office 365 SuiteBar becomes responsive

image_thumb.png

Quick heads up about some SuiteBar improvements which are worth knowing about.

Microsoft have recently update the Office 365 SuiteBar. As you can see in the image below the Application Launcher got a new visual which resembles the Windows 10 Start experience. You can now resize the tiles as well as drag and drop them into a desired order. The tiles can be small like my Twitter and TinyPng or massive wide ones like my Delve.

image

Overall the SuiteBar has now become a responsive experience. It changes and adapts depending on the screen width and this removes the need for any clever work around.

Examples:

SuiteBar at a full 1920 width

image

SuiteBar a little smaller. Notice how the Application Launcher jumps to the right now.

image

Between the sizes above their seems to be a tiny glitch in about a ten pixel range where extra buttons appear.

image

The new buttons don’t do anything at this point though.

Finally we get down into the smaller mobile sizes.

image

I hope you found this update useful and it gives you chance to remove any customisations you might have made for the responsive SuiteBar.

Introducing AddIn365

AddIn365BlogHeader

Office 365 presents an opportunity to meet more business objectives than ever before with an ever expanding set of services. However, out-dated attitudes and practices towards implementation of the Office 365 platform make it difficult for many organisations to realise this potential.

AddIn365 offer a fresh partner perspective on how clients can maximise the return on their investment in Office 365 with a context driven approach to add-in development. This new approach takes advantage of the great new services Office 365 provides and focuses on attaining a high level of employee adoption.

Office 365 presents a unique opportunity to move beyond a fragmented digital estate; it is a platform that brings together email, enterprise search, intranet, collaboration, enterprise social network and instant messenger. Furthermore, Office 365 natively provides the tools to link to other systems with ease via features such as the app launcher. Read more about the app launcher here.

Last year Microsoft released 400+ new features to the Office 365 platform. Many of these new features are complex and make light work of providing organisation’s insights that would have cost clients millions to develop in years gone by. Delve is just one example of this high quality engineering that comes as part and parcel of the Office 365 experience; it uses machine learning to understand who you are, who your network is and to suggest content that might be useful to you that you have not engaged directly with.

Organisations have recognised the opportunity that Office 365 presents in moving away from a disjointed collection of systems to a more integrated one. According to Radicati, growth of the Office 365 market share is expected to be 20% year on year for the next four years.

In order to take advantage of the great new services available with Office 365, organisations are turning to the market which tends to offer custom development or products in response to their business requirements, both of which present challenges.

Custom development tends to be:

  • Very Sites (SharePoint) focused.
  • Bends towards developing capabilities rather than configuring what is already available. This means that organisations tend to face more cost and protracted timescales when trying to deploy Office 365 than they need to.
  • Employee adoption is a secondary consideration to development and is often glossed over altogether.

Organisations that go down the product route tend to suffer three challenges:

  • Adoption is still a problem; employees using the platform will never ‘learn’ what is available so only a portion of the product will be used.
  • Products tend to branch from the Office 365 platform; clients that have invested in off the shelf products end up on the vendor roadmap and inevitably fall behind what Office 365 natively has to offer because Office 365 is evolving at a faster pace. This limits the return on investment an organisation can get from Office 365.
  • Products also tend to be based primarily on the Sites (SharePoint) part of the platform and do not take advantage of the great new services – again limiting the return on investment an organisation can get from Office 365.

We have seen these product challenges materialise recently within the intranet space (not too long ago I counted more than 15 products). Microsoft plan to release Infopedia in early 2016 which will provide all the common requirements an organisation has of an intranet, as Chris O’Brien reports here. With a powerhouse of engineers behind it this Office 365 native intranet capability will quickly become superior to any off the shelf product or custom developed intranet in the market.

Organisations are faced with a conundrum; both custom code and many off the shelf products fail to maximise a return on what is already available in Office 365 and inherit the adoption challenge.

So, how should organisations approach rolling out Office 365, in order to take advantage of the platform’s great new services and take employees on the journey with them?

I took the decision recently to co-found AddIn365. AddIn365 is the first Microsoft partner globally to offer a range of mobile and tablet friendly Workforce Enablement add-ins, for Microsoft Office and Microsoft’s Office 365 platform.

The AddIn365 add-in approach is context driven; tailored to individual employee’s daily tasks to ensure a high level of adoption whilst making use of a cross section of Office 365’s new capabilities.

AddIn365 add-ins increase productivity around common daily tasks and in doing so improve the employee experience of work.

Our two launch add-ins are:

  • AddIn Work Hub for Office 365 which provides staff a fully personalised dashboard to facilitate individual and cross-functional coordination, whether that work is operational, customer facing or delivery orientated.
  • AddIn Document Builder which is a Microsoft Office app that enables the workforce to create high quality documents quickly, through the creation and reuse of assets.

AddIn Work Hub brings together Calendar, Outlook, Delve, Groups, SharePoint team sites, Stories and the Video Portal.

AddIn Document Builder makes the process of document creation fast and accurate in Word, Excel and PowerPoint.

My ethos behind the designs of these new products has been:

  1. Make Office 365 intuitive for staff to use by providing context-led technology, so staff want to use the platform to get their work done faster and to a higher standard.
  2. Help organisations to get even more return on their investment in the Office 365 platform by using the new services Microsoft make available to support usage of the whole platform and not just SharePoint.
  3. Keep organisations on the Office 365 roadmap with a configure over customise development approach.

I’m really excited about the AddIn365 project and will be posting further on how I have led our engineering team to produce these add-ins over the next few months.

In the meanwhile, I would encourage you to check out the AddIn365 website and follow us on Twitter and LinkedIn for regular updates.

Adding Custom Tiles to the Office 365 App Launcher

image_thumb.png

Microsoft recently released a new feature so that as an Office 365 admin you can add tiles to the App Launcher.

 

Setting it up

Browse to the Admin dashboard for your tenant, from the left hand menu choose the ‘Company Profile’.

image

 

From the ‘Company Profile’ page select ‘Custom Tiles’ from the left hand menu.

image

 

The ‘Custom Tiles’ page is now displayed, and on very first load will be empty.

image

 

Click the ‘Plus’ to create a new tile.

image

 

You’ll notice that the information being requested is a lot simpler than the Azure AD application configuration. So in my opinion you may still want to opt for the Azure AD application root if you wanted to use groups/user assignment for the tile. This new Office 365 custom tile approach really only provides ‘add the icon’ style functionality. So in scenarios where you wanted to use a consistent name and icon for say a HR system where different regions had different urls/systems you’d still want to use the Azure AD root. Relying on this new Office 365 custom tile would need two tiles and both would show for everyone. As it stands today this feature is probably only useful for truly generic links such as the SharePoint root site collection (But why MS ignored that for so long has always baffled me).

Just before setting the tile information we need to make sure we have the logo somewhere, I always use Lego mini figures in this tenant so I uploaded a new picture to the assets library of the root site collection.

image

 

Once I have an image somewhere (it could have been located anywhere including externally from the tenant) I can enter the information to create the tile.

image

 

The new tile is now listed. Note that you can also edit and remove the tile from this screen.

image

 

Browse to your ‘MyApps’ page.

image

 

There you can see our newly created tile. From here the employee can decided to pin it the App Launcher.

image

 

They can also view details about the app.

image

 

We can see the new tile in the App Launcher.

image

 

So this is a neat new feature which will satisfy the common request to have a tile for the Intranet home page. While MS could hopefully go further in the future to allow employee and group assignment like the Azure AD apps.

SharePoint Evolutions 2015 presentations

April 20th – 22nd 2015 saw London play host to SharePoint Evolutions conference. It was a great event organised with so many quality speakers and companies in attendance. It was a privilege to be invited to speak again. This year I had two sessions as you can see below.

 

Introducing App Launcher

Delivered by: Wes Hackett

Audience: Office 365, Information Worker, Developer
A new feature of Office 365 is the ‘app launcher’ and ‘my apps’ features. These new features provide a new style of navigation experience where all your apps are available from the Office 365 suite bar and the ability for a user to pin their preferred apps. This session introduces the features and the extensibility approaches to have your own apps interact with it.

 

Yammer development deep dive

Delivered by: Wes Hackett

Audience: Office 365, Developer
Many organisations are considering leveraging Yammer as their Enterprise Social Network (ESN). Office 365 has already taken some steps to integrate the Yammer capabilities by replacing the SharePoint newsfeed and introducing the document conversations. The reality is that these integrations are only the tip of the iceberg with regards the integrations you can achieve with Yammer.
This demo centric session covers in detail the integration options and the steps that a developer or architect can take to bring Yammer into use for a scenario.
We’ll walkthrough:

  • Learn how the Yammer Embed can bring conversations into SharePoint article pages.
  • How to post information into your Yammer network from other systems using OpenGraph.
  • Learn how to use the REST API to discover groups, messages, topics, users and perform advanced searches against the network.
  • Take a look at the cutting edge Azure Logic App and Yammer connector

 

If you were an attendee you can also watch the DVD of the sessions.

Creating a simple redirect app for the App Launcher

image.png

As we saw from the previous article Adding GitHub to the App Launcher the Office 365 user experience now incorporates the App Launcher as a persistent navigation element across the whole suite. Combine this with the Access Panel in Azure and you have two simple ways to provide a user with a navigation item. As you can see from the screen shot below, including last articles addition of GitHub.

Imagine an organisation wants to take advantage of the App Launcher to provide a link to their users for the company public website. On the surface this isn’t such a bonkers request. Many organisations have some elements of their internal intranet hosted within Office 365 and often they require a link to the public facing sites as well. It makes sense then as the App Launcher provides a globally available menu system that the intranet owner might ask for this link to be provisioned. Ok so far, a sensible request by the stakeholder….

Well if we cast our minds back to the types of application that can be displayed:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

None of these sound like a ‘simple’ type of hyperlink navigation item do they? They all assume the need for some kind of sign-on or application.

So at the time of writing this article there is no way to add a simple static url into the icons. Microsoft might pull this feature in at some point in the future, but for now we need something sensible to help us implement it.

NB: When researching this challenge I did stumble upon one blog article which was suggesting using jQuery to inject items in the html of the App Launcher. While in reality the author had it working it would be something I’d steer well clear of for the following reasons:

  • Microsoft ‘own’ the UI/UX for the App Launcher which means they can make breaking changes any time they like leaving you with a broken implementation at best
  • The article could only get this to work across SharePoint Online as the author could inject the required script. This meant that users outside of SharePoint lost this set of icons in things like Exchange.

So where does that leave us? Simple really we need an application registered with our Azure Active Directory which can redirect the user.

Creating our redirection app

So we have two options for this, manually craft an Application and register it with our Azure AD Applications or use the Visual Studio tools to help. For this article we’ll opt for the Visual Studio root and rather explain what’s happening behind the scenes as we go.

So lets get going by cracking open Visual Studio 2013.

Lets create a new MVC Web Application called ‘SimpleRedirectorApp’ and click OK.

image

image

Lets be good citizens and change our app to use SSL. Change the Project property to SSL Enabled to true.

image

Then copy that URL into the properties page on the Web tab.

image

Save the project and run it.

At this point you should see the normal templated MVC page running on your localhost under SSL.

image

So at this stage we have a basic MVC web application up and running. Now lets switch into our Azure portal and take a look at the applications listing.

This is all the applications I have configured in the Azure Active Directory. You’ll notice from the screen shot below our new app is not yet listed in the applications and thus Azure and the App Launcher no nothing about it.

image

If we were doing this manually we would go through the steps to ‘Add’ the application here. For this run through we’re going to jump back to Visual Studio.

We are going to use the Office365 Tools to add a connected service which wire up our app the associated Azure AD for us.

So from the context menu of the project chose ‘Connected Service’.

image

Click ‘Register your app’.

image

Sign in with a user who is an Azure AD admin / Tenant admin which is normally one and the same.

image

This will then show you information about your application.

image

Click ‘App Properties’ and make any changes from single to multi tenant if you require.

image

Note that the URLs are being displayed which match where our App will run from at the moment. When you choose to publish these elsewhere for Production you update these values.

Now when this wizard finishes it has done a few things. Firstly its added a set of things to the web.config file to store the Client Id etc.

image

Next if we switch back to our Azure Portal you’ll see the App is now being listed.

image

Clicking in we can view the settings that have been made.

image

One of the things we can’t do from the Visual Studio tools is set the Logo for the App. This is important to do as it’s the visual icon in the App Launcher. So click the ‘Upload Logo’ from the menu bar.

image

Choose an image which matches the specifics in the dialog box. I’m going to be linking to my companies website so created a quick icon based on our logo.

image

Scrolling down you can see the URLs listed and the permissions the App needs to run. Notice at the moment we don’t ask for anything other than delegated permissions on the Azure AD to enable SSO and read the profile of the user. That’s all we need.

image

Once the App is configured we need to assign users to it so it shows up for them. So click the ‘Users’ tab and find the user you need to assign. As you can see from the screenshot I’m just going to assign myself it for now. Once highlighted click ‘Assign’ from the menu bar.

image

Now when you browse to your Office 365 tenant and open the ‘My Apps’ page you can see our new App listed. As you can see from the screen shot below.

image

At the moment we have to manually ‘pin’ this new app ourselves Sad smile hope Microsoft add features to do this from the portal at some point.

image

So now it shows up in the App Launcher. Hooray you say… click it and what happens… we get the boring old MVC default page in a new tab. (assuming you still left the app in debug, remember its localhost at the moment).

image

So only one more step to go. Lets make our App go where it should, to the all important public website.

Open the HomeController.cs and find the Index method.

Change it from this

image

To this

image

We changed the result object to the RedirectResult type and provide it the url of our public site.

Now rerun our localhost app and it should redirect straight to the website.

image

Now when we click the App from the App Launcher we get a new tab and the App handles the redirection to the specified site.

Happy stakeholder Smile

As I mentioned earlier one of the best things about this approach is that it is truly suite wide as you can see from the screen shot of the users Calendar below.

image

In a more detailed scenario you might want to add more features to the redirection app and make it configurable without hard coding, but this was the basic how to Smile.

Adding GitHub to the App Launcher

image.png

Lets start with a little background

One of the latest features released to Office 365 and Azure was the ‘App Launcher’. This feature (Microsoft Announcement) provided a consistent menu of applications that can be launched by the user. Azure Active Directory now provides an easy way to integrate to many SaaS platforms. It provides identity and access management features through the Azure portal and the Access Panel for users to discover apps they have access too. The App Launcher leverages the same underpinnings within Azure to provide the suite wide UX within Office 365.

Azure Access Panel

Information about setting up Application Access in Azure Active Directory can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308590.aspx Another feature we won’t go through but is worth mentioning is the ‘Change Password’ feature on the profile tab.

This is a screen shot of my tenant Access Panel. You can browse to yours using: https://myapps.microsoft.com

image

The Access Panel can serve several different types of application:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

Full details about the Access Panel can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx

App Launcher

The App Launcher is the name for the UX within the Office 365 suite. The screen shot below shows the fly out menu active on my tenant. You can see all the apps that this user is assigned licenses for are visible, also admin as this user is a tenant admin.

image

You’ll also see the ‘My Apps’ option in the bottom right corner. This takes you to a fully immersive experience listing all your apps. As you can see from the screen shot below.

image

This page lists all the applications from Azure AD applications as well as anything you have installed within your OneDrive for Business site on SharePoint online.

Configuring GitHub through the App Launcher

So we’ve taken a whistle stop tour around the Azure AD Access Panel and App Launcher lets now look at how to add an application to it. For this article we’re going to look at providing our users SSO for GitHub. The Azure AD links above show how to connect up to all sorts like SalesForce, DropBox etc, but Microsoft’s latest code repository choice isn’t listed. As all the  Office Dev Code Samples these days live in GitHub it makes sense to provide a SSO implementation for your dev teams. Here’s how.

First thing to do is log into the Azure portal. You’ll see the connected Azure Active Directories listed. You might have several or just your Office 365 directory. You pick the one you want the application to show up in. In my example I’ll pick my main tenant.

image

When you click the required AD row it will switch into the dashboard for that AD service. As you can see by the screenshot below there are lots of different things you could do here, but we are going to focus on the ‘Applications’ tab only.

image

Clicking the ‘Applications’ tab shows the connected applications. In the screen shot you can see I’ve been busy with the Office 365 APIs Smile. Also note that this AD is connected to my Office 365 subscriptions so both Exchange and SharePoint are listed. These don’t have the same degree of settings available as other applications though.

image

So to add a new application click the ‘Add’ from the menu bar. This pops a light box as you can see below. There are two options, first is to add a custom application (a topic for a further article) which you are developing, the second to connect a service from the gallery. At the time of writing there are about 4500 services and applications available in the gallery so it’s worth having a peek through. GitHub is an existing service so we need to click ‘Add an application from the gallery’.

image

Rather than browse it will be easier to type ‘GitHub’ in the search box. You’ll see the below. So click the ‘tick’ button to confirm.

image

Now GitHub is connected to your Azure AD as an application. We now need to configure the SSO settings and assign some users.

image

Click the ‘Configure single sign-on’ button to setup the SSO for GitHub. The light box that pops up has two options, first is the Password Single Sign-on, the second is for existing Single Sign-on. Both are explained in more detail above. We are going to choose the ‘Password Single Sign-on’ to connect as we don’t already have anything else configured for SSO with GitHub. Click the ‘tick’ to confirm.

image

We have now configured our chosen method of SSO. It’s time to assign some users. So click the ‘Users’ tab. From here all the users in your AD are going to be listed so you probably want to search using the slightly hidden search feature on the table header far right to narrow down the view to users you want.

image

Once you have your desired user select them by clicking the row. And then choose ‘Assign’ from the menu bar.

image

The light box that pops up allows us to confirm that user is about to be assigned access via SSO to this application. The checkbox feature we’ll come back to later in the article, for now leave it unchecked. Click the ‘Tick’ to confirm.

image

So there we have it, in some fairly simple steps we have configured SSO with GitHub via our Azure Active Directory. Lets now take a look at the implications for the end user experience in both the Access Panel and App Launcher.

Access Panel user experience

Now GitHub will show up for the assigned user. In the screen shot you can see the new GitHub tile has appeared. It can sometimes take a few minutes to update and the page may display a refresh message when changes have happened that need to reload.

image

As mentioned earlier a user can maintain their stored credentials via the Access Panel. As you can see from the screen shot this option is available from the tile on the Access Panel.

image

Clicking for the GitHub App very first time from the Access Panel invokes the browser plugin installer as you can see from the screen shot below.

image

In this example I was using Chrome, so here are the pop ups which trigger the install.

image

Confirm the installation dialog.

image

Next time you click the GitHub App you will be asked to enter your credentials as Azure AD does not yet have any stored. Enter the desired credentials and click ‘Sign In’.

image

Now when you click it the Azure SSO will kick in via the browser extension and log you in with the stored credential. Blink and you’ll miss it though, took me five attempts to screen grab the login step.

image

And there you have it, signed in to GitHub with the SSO password.

image

App Launcher user experience

The Office 365 App Launcher MyApps page now sports the same GitHub icon under ‘My Apps’.

image

Clicking for the GitHub App very first time from the My Apps page invokes the browser plugin installer as you can see from the screen shot below.

image

The next time you click the GitHub App the same SSO process as above is invoked and you get signed in.

One feature of the App Launcher which the Access Panel can’t do is allow the user to pin the App to the flyout menu. To do this navigate to the ‘My Apps’ page and from the context menu of the app click ‘Pin to app launcher’ as you can see in the screen shot below.

image

As you can see this then pins that app to your App Launcher menu.

image

Other stuff worthy of a mention

App Launcher where a user has no App assignment

Below is a screen shot of a different user within the same tenant and Azure AD who doesn’t have GitHub assigned as an App. As you can see their ‘My Apps’ page doesn’t list it.

image

Assigning a credential on behalf of a user in the Azure Portal

We mentioned the checkbox earlier. If you wanted to set the username and password during assignment check the checkbox and you get the option to enter the credentials on behalf of the user.

image

So why is this important? Well consider situations where you don’t want a user knowing or setting the credential. For example a situation where the organisation has a marketing twitter account. You can now provide SSO for the marketing team by setting up their credential on their behalf. They can still obviously change it in Twitter but it removes the need to email everyone the password.

Removing a user app assignment

Removing the user assignment is as easy as selecting them and clicking ‘Remove’ from the menu bar.

image

App dashboard

Another thing work mentioning is the App dashboard. Here you can see the login activity and some basic information about the app. What is really useful though is the Single Sign-on url. This is a unique url for this SSO’d app and pasting it in effectly jumps the Access Panel or App Launcher steps and navigates directly through the sign-on process. This would be useful if you are considering email or Yammer posts with links directly to the application.

image

Conclusion

Hopefully you’ve found this useful Smile and seen how easy it is to take advantage of the SSO features to improve your user experience.

So we now have GitHub easily available to all the assigned users, probably starting with the dev team.