Office 365 SuiteBar becomes responsive

image_thumb.png

Quick heads up about some SuiteBar improvements which are worth knowing about.

Microsoft have recently update the Office 365 SuiteBar. As you can see in the image below the Application Launcher got a new visual which resembles the Windows 10 Start experience. You can now resize the tiles as well as drag and drop them into a desired order. The tiles can be small like my Twitter and TinyPng or massive wide ones like my Delve.

image

Overall the SuiteBar has now become a responsive experience. It changes and adapts depending on the screen width and this removes the need for any clever work around.

Examples:

SuiteBar at a full 1920 width

image

SuiteBar a little smaller. Notice how the Application Launcher jumps to the right now.

image

Between the sizes above their seems to be a tiny glitch in about a ten pixel range where extra buttons appear.

image

The new buttons don’t do anything at this point though.

Finally we get down into the smaller mobile sizes.

image

I hope you found this update useful and it gives you chance to remove any customisations you might have made for the responsive SuiteBar.

Awarded Microsoft MVP 2015 for SharePoint Server

620MVP_Horizontal_FullColor

I’m happy to announce that I’ve been awarded Microsoft MVP 2015 for SharePoint Server. This is my third year as a MVP and it continues to be an amazing privilege to be recognised for my continued contributions. October 1st is one of the those days like any other until about 3pm UK time when every Hotmail email notification brings with it equal measures of excitement and nervousness Smile. Once the email below arrives it’s time to crack on with even more amazing new things.

image

The past year has been one of many new opportunities and many great exciting new technologies. Those who have supported me deserve a special mention.

My little boy and girl who don’t quite understand SharePoint yet, but definitely give me all the reasons I need to keep trying.

Steve Smith whose support this year has been invaluable as I embark upon my own business AddIn365. Thanks Steve Smile

Microsoft DX for inviting me to speak at London Technology Week about the Office 365 Unified API. It was a real pleasure presenting on Microsoft’s behalf.

The event organisers for SUGUK, Evolutions London (Steve Smith and Combined Knowledge, Paul, Ben and Nigel) for providing me opportunities to present and be part of the event teams.

Microsoft peeps like Chris Johnson for his invaluable help, Jeremy Thake for his technical input, Dana Wikan for sorting out a number of important things.

I’m looking forward to another great year!

OneDrive for Business gets a new user experience

OD4B

The eagle eyed amongst you will notice that Microsoft have released an update to the web interface of OneDrive for Business. It now looks and functions in a very similar way to the personal consumer version of OneDrive.

OneDrive for Business look and feel.

image

OneDrive consumer look and feel. (i’ve just redacted the names of my personal stuff, it doesn’t really have the blobs of colour all over it)

image

To me this feels like a great improvement in the user experience, and probably a good view an Office Fabric use. Microsoft did say that OneDrive for Business was utilising the Office Fabric. One challenge with this unification will be helping your employees to understand the differences, how to identify the UI so they understand where they are. I can already see some tricky consulting conversations ahead with regards the obvious questions around helping an employee differentiate one from the other. We always have to remember those of us living and breathing Office365 24/7 are actually not a ‘typical’ employee Winking smile. The most obvious element is the ‘Office 365’ wording in the suitebar.

A tour of some of the features

Lets take a walk around the new features. While this isn’t an exhaustive list it should help get a footing.

View formats and options

We can switch between viewing formats with the following buttons in the action bar.

image

Sort is fairly self explanatory and changes the sorting of the main view.

The little block icon next to it toggles the main view from details to icons.

Details view

image

Icons view

image

Document details

The ‘hover panel’ is no more. Personally i’m really glad to see the removal of the hover panel idea, it always felt clunky to me and was a really bad experience on a touch enabled device.

Selection of a document is now super easy even with a fingertip.

image

You can see the action bar become contextual with the common action now available for that file.

image

You can also invoked the menu from the item ‘…’ option as well.

image

Opening the details panel now provides an in-depth view of the selected document. The file previewer for an Office Document shows the contents. If you select a folder you get the large folder preview icon and an item count for that folder.

image

Return to the older UI style

Simply click the bottom left

image

Which takes the view back to the older one.

image

Help panel

The new ‘Help’ panel also lights up with new content for this interface. Access it by clicking the ‘?’ icon on the suitebar. This is something that you can encourage employees to click through when they enter an area of Office 365 they are less familiar with. Microsoft are starting to bring some more useful and engaging information in through this mechanism and I’d encourage organisations to begin to highlight this feature as a good way to aid learning.

image

First item prompt.

image

Second item shows a small animation in the panel.

image

Third item prompt.

image

Fourth item prompt.

image

UserVoice

As you may be aware Microsoft like to hear from their consumer base about their changes and any ideas they might have via UserVoice. The specific OneDrive for Business is here: https://onedrive.uservoice.com/forums/262982-onedrive/category/86090-onedrive-for-business

Summing it all up

So these new user experience changes are great, one thing that struck me was no mention of them on the roadmap site http://success.office.com/en-us/roadmap.

Introducing AddIn365

AddIn365BlogHeader

Office 365 presents an opportunity to meet more business objectives than ever before with an ever expanding set of services. However, out-dated attitudes and practices towards implementation of the Office 365 platform make it difficult for many organisations to realise this potential.

AddIn365 offer a fresh partner perspective on how clients can maximise the return on their investment in Office 365 with a context driven approach to add-in development. This new approach takes advantage of the great new services Office 365 provides and focuses on attaining a high level of employee adoption.

Office 365 presents a unique opportunity to move beyond a fragmented digital estate; it is a platform that brings together email, enterprise search, intranet, collaboration, enterprise social network and instant messenger. Furthermore, Office 365 natively provides the tools to link to other systems with ease via features such as the app launcher. Read more about the app launcher here.

Last year Microsoft released 400+ new features to the Office 365 platform. Many of these new features are complex and make light work of providing organisation’s insights that would have cost clients millions to develop in years gone by. Delve is just one example of this high quality engineering that comes as part and parcel of the Office 365 experience; it uses machine learning to understand who you are, who your network is and to suggest content that might be useful to you that you have not engaged directly with.

Organisations have recognised the opportunity that Office 365 presents in moving away from a disjointed collection of systems to a more integrated one. According to Radicati, growth of the Office 365 market share is expected to be 20% year on year for the next four years.

In order to take advantage of the great new services available with Office 365, organisations are turning to the market which tends to offer custom development or products in response to their business requirements, both of which present challenges.

Custom development tends to be:

  • Very Sites (SharePoint) focused.
  • Bends towards developing capabilities rather than configuring what is already available. This means that organisations tend to face more cost and protracted timescales when trying to deploy Office 365 than they need to.
  • Employee adoption is a secondary consideration to development and is often glossed over altogether.

Organisations that go down the product route tend to suffer three challenges:

  • Adoption is still a problem; employees using the platform will never ‘learn’ what is available so only a portion of the product will be used.
  • Products tend to branch from the Office 365 platform; clients that have invested in off the shelf products end up on the vendor roadmap and inevitably fall behind what Office 365 natively has to offer because Office 365 is evolving at a faster pace. This limits the return on investment an organisation can get from Office 365.
  • Products also tend to be based primarily on the Sites (SharePoint) part of the platform and do not take advantage of the great new services – again limiting the return on investment an organisation can get from Office 365.

We have seen these product challenges materialise recently within the intranet space (not too long ago I counted more than 15 products). Microsoft plan to release Infopedia in early 2016 which will provide all the common requirements an organisation has of an intranet, as Chris O’Brien reports here. With a powerhouse of engineers behind it this Office 365 native intranet capability will quickly become superior to any off the shelf product or custom developed intranet in the market.

Organisations are faced with a conundrum; both custom code and many off the shelf products fail to maximise a return on what is already available in Office 365 and inherit the adoption challenge.

So, how should organisations approach rolling out Office 365, in order to take advantage of the platform’s great new services and take employees on the journey with them?

I took the decision recently to co-found AddIn365. AddIn365 is the first Microsoft partner globally to offer a range of mobile and tablet friendly Workforce Enablement add-ins, for Microsoft Office and Microsoft’s Office 365 platform.

The AddIn365 add-in approach is context driven; tailored to individual employee’s daily tasks to ensure a high level of adoption whilst making use of a cross section of Office 365’s new capabilities.

AddIn365 add-ins increase productivity around common daily tasks and in doing so improve the employee experience of work.

Our two launch add-ins are:

  • AddIn Work Hub for Office 365 which provides staff a fully personalised dashboard to facilitate individual and cross-functional coordination, whether that work is operational, customer facing or delivery orientated.
  • AddIn Document Builder which is a Microsoft Office app that enables the workforce to create high quality documents quickly, through the creation and reuse of assets.

AddIn Work Hub brings together Calendar, Outlook, Delve, Groups, SharePoint team sites, Stories and the Video Portal.

AddIn Document Builder makes the process of document creation fast and accurate in Word, Excel and PowerPoint.

My ethos behind the designs of these new products has been:

  1. Make Office 365 intuitive for staff to use by providing context-led technology, so staff want to use the platform to get their work done faster and to a higher standard.
  2. Help organisations to get even more return on their investment in the Office 365 platform by using the new services Microsoft make available to support usage of the whole platform and not just SharePoint.
  3. Keep organisations on the Office 365 roadmap with a configure over customise development approach.

I’m really excited about the AddIn365 project and will be posting further on how I have led our engineering team to produce these add-ins over the next few months.

In the meanwhile, I would encourage you to check out the AddIn365 website and follow us on Twitter and LinkedIn for regular updates.

Adding Custom Tiles to the Office 365 App Launcher

image_thumb.png

Microsoft recently released a new feature so that as an Office 365 admin you can add tiles to the App Launcher.

 

Setting it up

Browse to the Admin dashboard for your tenant, from the left hand menu choose the ‘Company Profile’.

image

 

From the ‘Company Profile’ page select ‘Custom Tiles’ from the left hand menu.

image

 

The ‘Custom Tiles’ page is now displayed, and on very first load will be empty.

image

 

Click the ‘Plus’ to create a new tile.

image

 

You’ll notice that the information being requested is a lot simpler than the Azure AD application configuration. So in my opinion you may still want to opt for the Azure AD application root if you wanted to use groups/user assignment for the tile. This new Office 365 custom tile approach really only provides ‘add the icon’ style functionality. So in scenarios where you wanted to use a consistent name and icon for say a HR system where different regions had different urls/systems you’d still want to use the Azure AD root. Relying on this new Office 365 custom tile would need two tiles and both would show for everyone. As it stands today this feature is probably only useful for truly generic links such as the SharePoint root site collection (But why MS ignored that for so long has always baffled me).

Just before setting the tile information we need to make sure we have the logo somewhere, I always use Lego mini figures in this tenant so I uploaded a new picture to the assets library of the root site collection.

image

 

Once I have an image somewhere (it could have been located anywhere including externally from the tenant) I can enter the information to create the tile.

image

 

The new tile is now listed. Note that you can also edit and remove the tile from this screen.

image

 

Browse to your ‘MyApps’ page.

image

 

There you can see our newly created tile. From here the employee can decided to pin it the App Launcher.

image

 

They can also view details about the app.

image

 

We can see the new tile in the App Launcher.

image

 

So this is a neat new feature which will satisfy the common request to have a tile for the Intranet home page. While MS could hopefully go further in the future to allow employee and group assignment like the Azure AD apps.

SharePoint Evolutions 2015 presentations

April 20th – 22nd 2015 saw London play host to SharePoint Evolutions conference. It was a great event organised with so many quality speakers and companies in attendance. It was a privilege to be invited to speak again. This year I had two sessions as you can see below.

 

Introducing App Launcher

Delivered by: Wes Hackett

Audience: Office 365, Information Worker, Developer
A new feature of Office 365 is the ‘app launcher’ and ‘my apps’ features. These new features provide a new style of navigation experience where all your apps are available from the Office 365 suite bar and the ability for a user to pin their preferred apps. This session introduces the features and the extensibility approaches to have your own apps interact with it.

 

Yammer development deep dive

Delivered by: Wes Hackett

Audience: Office 365, Developer
Many organisations are considering leveraging Yammer as their Enterprise Social Network (ESN). Office 365 has already taken some steps to integrate the Yammer capabilities by replacing the SharePoint newsfeed and introducing the document conversations. The reality is that these integrations are only the tip of the iceberg with regards the integrations you can achieve with Yammer.
This demo centric session covers in detail the integration options and the steps that a developer or architect can take to bring Yammer into use for a scenario.
We’ll walkthrough:

  • Learn how the Yammer Embed can bring conversations into SharePoint article pages.
  • How to post information into your Yammer network from other systems using OpenGraph.
  • Learn how to use the REST API to discover groups, messages, topics, users and perform advanced searches against the network.
  • Take a look at the cutting edge Azure Logic App and Yammer connector

 

If you were an attendee you can also watch the DVD of the sessions.

Installing Office 2016 Preview from your tenant

OfficeOnline

Microsoft announced the Office 2016 Preview Public Preview today during the Ignite Keynote.

You can install the Office 2016 Preview from your Office 365 tenant.

Browse to your Office 365 Settings from the context menu on the Suitebar like the screenshot below.

image

From your Office 365 settings page choose ‘Software’

image

Your software page will load, it lists all the machines you have installed Office on.

image

Scroll down to the foot of the page.

If you have your tenant enabled for ‘First Release’ Office 2016 installation will be listed.

image

Select your language and then click ‘Install’.

After about 5-10 minutes Office 2016 Preview is installed.

image

NOTE: Office 2016 Preview is not being supported, so you are trying this at your own risk.

Office Online UI updates

OfficeOnline

There have been some subtle changes to the Office Online user experience in the past week or so. Office Online are the office applications such as Word, Excel and PowerPoint, they render a web based version which allows you to edit and read content directly within the browser.

The image below shows the reading view of a Word document. Note how the application bar now has a new layout and different options

image

 

The link back to the document library location is now within the grey area rather than on the header bar. In the image below you can see the library title ‘operations’.

image

The other options now appear on the right-hand end. As you can see from the image below some of the common options are now available without opening the file.

image

The ‘Edit Document’ menu provides us the links to edit online or in the desktop application.

image

The ‘Print’ menu item prints off the document as a PDF

image

The ‘Share’ menu item launches the Sharing dialog.

image

The ‘Comments’ menu item opens up the commenting functionality.

image

The ‘…’ menu brings up some other useful features.

The ‘Find’ menu brings up an in-document search box. Personally I’d like to see this as one of the primary options as it is a training challenge to educate people that it exists.

image

Other options allow for the in place translation using the ‘Translate’ menu option. The ‘Download’ does exactly as you’d expect and downloads the file, as does ‘Download as PDF’.

The final option which is worth mentioning is the ‘Embed’ option. As you can see from the image below it has some pretty neat features.

image

We can set the dimensions and some of the interactions available such as enabling print and the start page.

While they sneaked in under the radar these changes have made Office Online even more capable within Office 365.

Creating a simple redirect app for the App Launcher

image.png

As we saw from the previous article Adding GitHub to the App Launcher the Office 365 user experience now incorporates the App Launcher as a persistent navigation element across the whole suite. Combine this with the Access Panel in Azure and you have two simple ways to provide a user with a navigation item. As you can see from the screen shot below, including last articles addition of GitHub.

Imagine an organisation wants to take advantage of the App Launcher to provide a link to their users for the company public website. On the surface this isn’t such a bonkers request. Many organisations have some elements of their internal intranet hosted within Office 365 and often they require a link to the public facing sites as well. It makes sense then as the App Launcher provides a globally available menu system that the intranet owner might ask for this link to be provisioned. Ok so far, a sensible request by the stakeholder….

Well if we cast our minds back to the types of application that can be displayed:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

None of these sound like a ‘simple’ type of hyperlink navigation item do they? They all assume the need for some kind of sign-on or application.

So at the time of writing this article there is no way to add a simple static url into the icons. Microsoft might pull this feature in at some point in the future, but for now we need something sensible to help us implement it.

NB: When researching this challenge I did stumble upon one blog article which was suggesting using jQuery to inject items in the html of the App Launcher. While in reality the author had it working it would be something I’d steer well clear of for the following reasons:

  • Microsoft ‘own’ the UI/UX for the App Launcher which means they can make breaking changes any time they like leaving you with a broken implementation at best
  • The article could only get this to work across SharePoint Online as the author could inject the required script. This meant that users outside of SharePoint lost this set of icons in things like Exchange.

So where does that leave us? Simple really we need an application registered with our Azure Active Directory which can redirect the user.

Creating our redirection app

So we have two options for this, manually craft an Application and register it with our Azure AD Applications or use the Visual Studio tools to help. For this article we’ll opt for the Visual Studio root and rather explain what’s happening behind the scenes as we go.

So lets get going by cracking open Visual Studio 2013.

Lets create a new MVC Web Application called ‘SimpleRedirectorApp’ and click OK.

image

image

Lets be good citizens and change our app to use SSL. Change the Project property to SSL Enabled to true.

image

Then copy that URL into the properties page on the Web tab.

image

Save the project and run it.

At this point you should see the normal templated MVC page running on your localhost under SSL.

image

So at this stage we have a basic MVC web application up and running. Now lets switch into our Azure portal and take a look at the applications listing.

This is all the applications I have configured in the Azure Active Directory. You’ll notice from the screen shot below our new app is not yet listed in the applications and thus Azure and the App Launcher no nothing about it.

image

If we were doing this manually we would go through the steps to ‘Add’ the application here. For this run through we’re going to jump back to Visual Studio.

We are going to use the Office365 Tools to add a connected service which wire up our app the associated Azure AD for us.

So from the context menu of the project chose ‘Connected Service’.

image

Click ‘Register your app’.

image

Sign in with a user who is an Azure AD admin / Tenant admin which is normally one and the same.

image

This will then show you information about your application.

image

Click ‘App Properties’ and make any changes from single to multi tenant if you require.

image

Note that the URLs are being displayed which match where our App will run from at the moment. When you choose to publish these elsewhere for Production you update these values.

Now when this wizard finishes it has done a few things. Firstly its added a set of things to the web.config file to store the Client Id etc.

image

Next if we switch back to our Azure Portal you’ll see the App is now being listed.

image

Clicking in we can view the settings that have been made.

image

One of the things we can’t do from the Visual Studio tools is set the Logo for the App. This is important to do as it’s the visual icon in the App Launcher. So click the ‘Upload Logo’ from the menu bar.

image

Choose an image which matches the specifics in the dialog box. I’m going to be linking to my companies website so created a quick icon based on our logo.

image

Scrolling down you can see the URLs listed and the permissions the App needs to run. Notice at the moment we don’t ask for anything other than delegated permissions on the Azure AD to enable SSO and read the profile of the user. That’s all we need.

image

Once the App is configured we need to assign users to it so it shows up for them. So click the ‘Users’ tab and find the user you need to assign. As you can see from the screenshot I’m just going to assign myself it for now. Once highlighted click ‘Assign’ from the menu bar.

image

Now when you browse to your Office 365 tenant and open the ‘My Apps’ page you can see our new App listed. As you can see from the screen shot below.

image

At the moment we have to manually ‘pin’ this new app ourselves Sad smile hope Microsoft add features to do this from the portal at some point.

image

So now it shows up in the App Launcher. Hooray you say… click it and what happens… we get the boring old MVC default page in a new tab. (assuming you still left the app in debug, remember its localhost at the moment).

image

So only one more step to go. Lets make our App go where it should, to the all important public website.

Open the HomeController.cs and find the Index method.

Change it from this

image

To this

image

We changed the result object to the RedirectResult type and provide it the url of our public site.

Now rerun our localhost app and it should redirect straight to the website.

image

Now when we click the App from the App Launcher we get a new tab and the App handles the redirection to the specified site.

Happy stakeholder Smile

As I mentioned earlier one of the best things about this approach is that it is truly suite wide as you can see from the screen shot of the users Calendar below.

image

In a more detailed scenario you might want to add more features to the redirection app and make it configurable without hard coding, but this was the basic how to Smile.

Adding GitHub to the App Launcher

image.png

Lets start with a little background

One of the latest features released to Office 365 and Azure was the ‘App Launcher’. This feature (Microsoft Announcement) provided a consistent menu of applications that can be launched by the user. Azure Active Directory now provides an easy way to integrate to many SaaS platforms. It provides identity and access management features through the Azure portal and the Access Panel for users to discover apps they have access too. The App Launcher leverages the same underpinnings within Azure to provide the suite wide UX within Office 365.

Azure Access Panel

Information about setting up Application Access in Azure Active Directory can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308590.aspx Another feature we won’t go through but is worth mentioning is the ‘Change Password’ feature on the profile tab.

This is a screen shot of my tenant Access Panel. You can browse to yours using: https://myapps.microsoft.com

image

The Access Panel can serve several different types of application:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

Full details about the Access Panel can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx

App Launcher

The App Launcher is the name for the UX within the Office 365 suite. The screen shot below shows the fly out menu active on my tenant. You can see all the apps that this user is assigned licenses for are visible, also admin as this user is a tenant admin.

image

You’ll also see the ‘My Apps’ option in the bottom right corner. This takes you to a fully immersive experience listing all your apps. As you can see from the screen shot below.

image

This page lists all the applications from Azure AD applications as well as anything you have installed within your OneDrive for Business site on SharePoint online.

Configuring GitHub through the App Launcher

So we’ve taken a whistle stop tour around the Azure AD Access Panel and App Launcher lets now look at how to add an application to it. For this article we’re going to look at providing our users SSO for GitHub. The Azure AD links above show how to connect up to all sorts like SalesForce, DropBox etc, but Microsoft’s latest code repository choice isn’t listed. As all the  Office Dev Code Samples these days live in GitHub it makes sense to provide a SSO implementation for your dev teams. Here’s how.

First thing to do is log into the Azure portal. You’ll see the connected Azure Active Directories listed. You might have several or just your Office 365 directory. You pick the one you want the application to show up in. In my example I’ll pick my main tenant.

image

When you click the required AD row it will switch into the dashboard for that AD service. As you can see by the screenshot below there are lots of different things you could do here, but we are going to focus on the ‘Applications’ tab only.

image

Clicking the ‘Applications’ tab shows the connected applications. In the screen shot you can see I’ve been busy with the Office 365 APIs Smile. Also note that this AD is connected to my Office 365 subscriptions so both Exchange and SharePoint are listed. These don’t have the same degree of settings available as other applications though.

image

So to add a new application click the ‘Add’ from the menu bar. This pops a light box as you can see below. There are two options, first is to add a custom application (a topic for a further article) which you are developing, the second to connect a service from the gallery. At the time of writing there are about 4500 services and applications available in the gallery so it’s worth having a peek through. GitHub is an existing service so we need to click ‘Add an application from the gallery’.

image

Rather than browse it will be easier to type ‘GitHub’ in the search box. You’ll see the below. So click the ‘tick’ button to confirm.

image

Now GitHub is connected to your Azure AD as an application. We now need to configure the SSO settings and assign some users.

image

Click the ‘Configure single sign-on’ button to setup the SSO for GitHub. The light box that pops up has two options, first is the Password Single Sign-on, the second is for existing Single Sign-on. Both are explained in more detail above. We are going to choose the ‘Password Single Sign-on’ to connect as we don’t already have anything else configured for SSO with GitHub. Click the ‘tick’ to confirm.

image

We have now configured our chosen method of SSO. It’s time to assign some users. So click the ‘Users’ tab. From here all the users in your AD are going to be listed so you probably want to search using the slightly hidden search feature on the table header far right to narrow down the view to users you want.

image

Once you have your desired user select them by clicking the row. And then choose ‘Assign’ from the menu bar.

image

The light box that pops up allows us to confirm that user is about to be assigned access via SSO to this application. The checkbox feature we’ll come back to later in the article, for now leave it unchecked. Click the ‘Tick’ to confirm.

image

So there we have it, in some fairly simple steps we have configured SSO with GitHub via our Azure Active Directory. Lets now take a look at the implications for the end user experience in both the Access Panel and App Launcher.

Access Panel user experience

Now GitHub will show up for the assigned user. In the screen shot you can see the new GitHub tile has appeared. It can sometimes take a few minutes to update and the page may display a refresh message when changes have happened that need to reload.

image

As mentioned earlier a user can maintain their stored credentials via the Access Panel. As you can see from the screen shot this option is available from the tile on the Access Panel.

image

Clicking for the GitHub App very first time from the Access Panel invokes the browser plugin installer as you can see from the screen shot below.

image

In this example I was using Chrome, so here are the pop ups which trigger the install.

image

Confirm the installation dialog.

image

Next time you click the GitHub App you will be asked to enter your credentials as Azure AD does not yet have any stored. Enter the desired credentials and click ‘Sign In’.

image

Now when you click it the Azure SSO will kick in via the browser extension and log you in with the stored credential. Blink and you’ll miss it though, took me five attempts to screen grab the login step.

image

And there you have it, signed in to GitHub with the SSO password.

image

App Launcher user experience

The Office 365 App Launcher MyApps page now sports the same GitHub icon under ‘My Apps’.

image

Clicking for the GitHub App very first time from the My Apps page invokes the browser plugin installer as you can see from the screen shot below.

image

The next time you click the GitHub App the same SSO process as above is invoked and you get signed in.

One feature of the App Launcher which the Access Panel can’t do is allow the user to pin the App to the flyout menu. To do this navigate to the ‘My Apps’ page and from the context menu of the app click ‘Pin to app launcher’ as you can see in the screen shot below.

image

As you can see this then pins that app to your App Launcher menu.

image

Other stuff worthy of a mention

App Launcher where a user has no App assignment

Below is a screen shot of a different user within the same tenant and Azure AD who doesn’t have GitHub assigned as an App. As you can see their ‘My Apps’ page doesn’t list it.

image

Assigning a credential on behalf of a user in the Azure Portal

We mentioned the checkbox earlier. If you wanted to set the username and password during assignment check the checkbox and you get the option to enter the credentials on behalf of the user.

image

So why is this important? Well consider situations where you don’t want a user knowing or setting the credential. For example a situation where the organisation has a marketing twitter account. You can now provide SSO for the marketing team by setting up their credential on their behalf. They can still obviously change it in Twitter but it removes the need to email everyone the password.

Removing a user app assignment

Removing the user assignment is as easy as selecting them and clicking ‘Remove’ from the menu bar.

image

App dashboard

Another thing work mentioning is the App dashboard. Here you can see the login activity and some basic information about the app. What is really useful though is the Single Sign-on url. This is a unique url for this SSO’d app and pasting it in effectly jumps the Access Panel or App Launcher steps and navigates directly through the sign-on process. This would be useful if you are considering email or Yammer posts with links directly to the application.

image

Conclusion

Hopefully you’ve found this useful Smile and seen how easy it is to take advantage of the SSO features to improve your user experience.

So we now have GitHub easily available to all the assigned users, probably starting with the dev team.