SharePoint Framework Context Explorer web part

image.png

The new SharePoint Framework developer preview is available now and you can check out how to get started over in the Microsoft GitHub repo here: https://github.com/SharePoint/sp-dev-docs/wiki

Follow through the setup and tutorials if you’re new to the SPFx and how it all hangs together.

With the new SPFx we get given a context object as part of the core which provides properties we can leverage inside our web part. This example is super simple and is aimed just to provide an easy to consume view of the context.

The full technical document is found  here

We can run the web part in the WorkBench hosted on localhost to see something like this

image

 

When we run the same web part within a SharePoint online hosted WorkBench it updates to show something like this

image

Extend the render

We inject some additional code into the render method to display the various properties.

Helper functions

There are a couple of additional functions to help deal with the objects and enums.

Clone and extend

Hopefully this will help you get familiar with some of the properties you have access to. Feel free to clone the code from my repo SPFx Context Explorer Repo.

Smile

How is the Delve Yammer feed configured?

image.png

Delve is a great way to discover content and people across Office 365. One of the best social features within Delve is the ability to take part in a Yammer conversation directly against the content.

The Delve conversations experience

image

As you can see each Delve card has a menu in the bottom right which provides employees with the option to ‘Talk about this in Yammer’.

image

The conversation panel then pops out and displays all the conversations about that content within your Yammer network.

image

So how do you need to configure the Yammer Embed widget to match the settings seen in Delve?

Delve makes use of the same Yammer Embed widget as you would anywhere else within Office 365, or other web pages. Using the html inspector in your favourite browser you can see the settings passed by the hosting page to the iframe widget.

Digging deeper you can see that the Delve feed iframe is configured as follows:

(example)

src=”https://www.yammer.com/embed-feed?
container=%23yammerRender
& feedType=open-graph
& objectProperties%5Burl%5D=https%3A%2F%2F<tenantname>.sharepoint.com%2Fsites%2Fnewsdev1%2Fuk%2FPages%2FKatherine%2520Grainger%2520Is%2520Britain’s%2520Most%2520Successful%2520Female%2520Olympian.aspx
& objectProperties%5B
private%5D=true
& config%5B
promptText%5D=Talk%20about%20this%20on%20Yammer
& config%5B
defaultToCanonical%5D=true
& config%5B
header%5D=true
& config%5B
hideNetworkName%5D=true
& config%5B
footer%5D=false
& config%5B
showOpenGraphPreview%5D=false
& config%5BuseSso%5D=true
& bust=1471035190502″

So the settings are:

  • Feed type: open-graph
  • Private: true
  • PromptText: Talk about this on Yammer
  • DefaultToCanonical: true
  • Header: true
  • HideNetworkName: true
  • Footer: false
  • ShowOpenGraphPreview: false
  • UseSSO: true

So these settings mean that it is defaulted to using the open graph mode. This converts the content url into a rich object in Yammers social graph. Private being true means it requires either a group or people to be mentioned to show to those selections. The prompt text appears in the text box. Header being true makes it show, combined with hiding the network name makes it show ‘Yammer Conversations’. No footer is being shown, so no ‘log out option’. Interesting they choose not to show the open graph object previews. This makes a little sense as that can’t see internal Office 365 data, although you might still want this to be ‘true’ in the case where an employee posts a url that is public. Finally the default to canonical (crazy name for this) means it will seek to use your accounts ‘home’ network rather than default to whichever network you last visited. That’s quite useful as you don’t want to accidently share private corporate links to another network. Use SSO being true means it uses the SSO.

So there you have it, simple settings correct for the context of Delve. Useful to know if you want to have the same experience elsewhere.

The Future of SharePoint paradigm series – First look at the SharePoint Home

image_thumb.png

On May 4th we got an insight into the Future of SharePoint from Jeff Teper and team, you can read my event summary here: http://weshackett.com/2016/05/whats-new-with-sharepoint-microsofts-future-of-sharepoint-event-round-up/ In this article I outlined three areas of this series, this article falls within:

User Experience

Exploring the implications for organisations of the new UI and experiences being pushed into service.

During the Future of SharePoint event we saw the announcement of the new SharePoint Home experience. You can read more about the wider announcement about the ‘mobile, intelligent intranet’ from the Office Blogs. In the video Adam Harmetz, Group Program Manager, SharePoint experiences, talks about all the amazing new user experiences coming to SharePoint and Office 365. About 40 seconds into Adam’s video we get the first glimpse of the new SharePoint Home experience.

A little history

Since the launch of the SharePoint 2013 visuals on Office 365 back in 2013 we’ve had a page called ‘Sites’. This is a first level navigation item which appears in the Application Launcher. As you can see in the image below the ‘Sites’ page forms a key element of the SharePoint navigation experience. It provides a strip of corporate links along the top, your personally followed sites, recent sites you have visited, and finally sites that are recommended. The Office 365 version is slightly more advanced than the on premises version.

image

 

The Future

Today Microsoft began the rollout of the new SharePoint Home. First Release tenants will begin to get the new experience as it rolls out across the service globally.

Lets take a closer look.

The welcoming experience.

You employees are guided into their first use with the key elements being highlighted. As you can see in the image your employee is introduced to the ‘frequent’ strip of sites and groups.

image

Next up your employee is shown the value of ‘following’ and ‘recent’ sites and groups.

image

Next is explanation of the ‘links’ section.

image

The final section is the ‘suggested’ sites and groups.

image

After the intro you’re in and the new SharePoint page is there in all its new shiny glory. You can see in the image below the main content areas match the replaced ‘sites’ page. This is good from one aspect as employees will be familiar with the sites and groups listed within each area.

image

Cards

Let’s take a closer look at each of the visible card types.

The site card:

The site card is picking up the site logo or name abbreviation if the logo was the default SharePoint logo. It has the ability to be followed via the star in the header strip. The site title is also being displayed. There are also three items of activity being listed. This is giving you insights into activity within that site.

image

The blog card:

Delve blogs you write for or read are listed. Notice the lack of following ability on blogs, it’ll be really great if this feature gets added in at some point.

image

Video channel card:

Video channel displays the video activity in that channel. You can follow that channel from the card.

image

Now a couple of interesting observations. First this card colour matches the video channel selection which is a good thing. Second is that you can follow the channel on the SharePoint Home, but not from within the channel itself. This scenario needs to get closed within the Video portal, I think the user experience should be consistent between the pages. This would reinforce the value of following the content through both experiences. Seeing a page experience within the Video portal which is the ‘followed channels’ would be a good extension to an already good experience. Many customers use the Video portal channels to group videos into a context for employees, such as technical walkthroughs, news, community and product information. Allowing an employee to follow a channel and see that from both SharePoint Home and the Video portal consistently.

image

While we look at the cards, you’ll notice that they have colours that are seemingly random. The team site above is using the default blue and white SharePoint theme, yet appears green in the SharePoint Home. This will hopefully become joined up as the new Team Site user experiences and branding rolls out later this year. I’d certainly like to see consistency between the two. Often themes on collaboration sites are set by business unit or type of function and having this visual cue consistent between both would again be a cool addition.

With all the cards the clicking/tap launches the site/group/channel into a new tab. The activity line items provide a link to each document or video which launches into a new window. I think I’d still use Delve to get to my documents based in activity scenarios.

Seeing all your Following and Recent

So in a normal enterprise you will be following and visiting a largish number of sites and groups. It’s not unusual to have 20+ in your personal following. In the SharePoint Home you can view them all by clicking the ‘see all’ link in the left hand menu.

image

The discoverability of this was not as clear as I think it could be. For me the ‘see all’ is visually associated to the ‘recent’ section so it took a few clicks to discover that it also showed all my ‘followed’ sites. Personally I’d like to see either the headings become clickable or a better information scent for each section, even if it just links to a bookmark of the section in the unified listing experience. As you can see from the image below this page from the ‘see all’ link lists all the sites I’m following.

image

The ‘recent’ section appears below the ‘followed’ section as you can see in this image.

image

This page doesn’t list out the activity within each site. I’m guessing there would be a pretty huge performance implication if every card was to display the activity list. Is this missing some of the value though? Should this be a place you can see activity across every site you follow. The Office Graph is driving a lot underneath, maybe there will be some exploration by Microsoft in bringing an activity addition to these cards as well. Although does this begin to clash with and dilute the value of Delve as an experience? I know customers are already asking about the search in the SharePoint Home they’ve seen in the videos and how Delve fits into this story. Delve is already an awesome experience and in many peoples opinion solves that ‘Goggle like’ search experience that we’ve been asked for for years. The way it can predict what you might be looking for before you search is proving to be of huge value in high performance organisation cultures for many customers. Is SharePoint now competing with Delve? The SharePoint Mobile app is also gaining document and site searching, the Delve app can do the same. Where and when will this become clear? Lets hope this gets addressed soon.

There also is no obvious back link on this page so I’m relying on the browser back to navigate.

Search

The existing ‘sites’ page provides search, the new SharePoint Home also allows a search experience.

The search box has a type-ahead feature as you can see below.

image

Typing something in like ‘exec’ in this example and you get this.

image

Clicking on ‘see all’ gives us an extended page.

image

At the time of writing my tenants weren’t showing the full experience Microsoft published via their support article. I’m assuming this is still rolling out behind the scenes.

SharePoint Home Search Results

You can switch back into the SharePoint search center clicking the link to ‘go to classic results page’. This auto switch isn’t remembered and has to be invoked each time. Another consideration here is that if you’ve invested in configuring and tuning your SharePoint search experience this new page is getting in the way between your initial search and the configured one. Possibly something to consider and feedback to Microsoft on.

Just for comparison lets look at the same ‘exec’ search in Delve.

image

Personally I would stick to using Delve for my initial search as it just provides a more useful experience for my working patterns. Board and Yammer features just add the value I need during a discovery scenario.

Links

The links are managed in the same way as before through the page if you are an admin or via the SharePoint Profile service in tenant admin.

Putting the links into edit mode

image

Adding a new link is simple

image

New site

Finally there is the ‘new site’ link, which still launches the existing SharePoint create new experience. We’ll see the new provisioning interface later when the new team sites arrive I guess. Still plenty of value to be had from your PnP provisioning investments, but plan for how this change will impact you.

Summing it up

So it’s a big improvement to the ‘sites’ experience. As with everything first release it’s not perfect, or complete, but jumping into User Voice https://sharepoint.uservoice.com/ and sharing ideas, improvements and new features will help the team get more from the service.

You can read the official support information here: https://support.office.com/en-us/article/Find-sites-and-portals-in-Office-365-6b85097a-87e0-4611-a29a-dfd49b1a1220?ui=en-US&rs=en-US&ad=US which is a good place to start to understand the mechanics of how to configure the page and the information available.

Dealing with this change inside your organisation also needs some considerations. Start to prepare you internal communications team to publise these features. Key highlights should include:

  • Reassuring employees that existing data reminds the same and that the experience is additive
  • Explaining the features and how they support working scenarios
  • Explaining the options with Office 365 for searching and which is appropriate in certain scenarios

I hope you found this info useful and onwards to the Future of SharePoint

What’s new with SharePoint? Microsoft’s Future of SharePoint event round-up

Team-site-home-1.png

Today Microsoft hosted a Future of SharePoint event, sharing publically for the first time what the SharePoint roadmap has to offer in 2016 and beyond.

It did not disappoint. The event placed SharePoint and OneDrive’s soon-to-be-released simple user experience and rich mobile capability front and centre of Microsoft’s Office 365 offering. Another point of emphasis was the huge leap Microsoft have in empowering employees to be more productive, with significant investments having been made in the document lifecycle experience.

What does this mean for Office 365 customers? Let’s take a closer look.

Improving SharePoint Online’s user experience

There has been a proliferation of intranet-in-a-box products built on SharePoint Online over the past 5 years that aimed to make the SharePoint Online experience more intuitive to employees. Their popularity in the market did not go un-noticed by Microsoft, who have listened and responded to customer demand, with heavy investment being made in SharePoint as a “mobile and intelligent intranet,” as Adam Harmetz, Principal Group Program Manager at Microsoft, informed us today. In 2016 some fantastic new Graph powered enhancements will be introduced to deliver a personalised intranet experience to employees, including a recent activity capability and a recommended sites tool, driven by the actions of those you work with day to day. Team sites will also enjoy a series of updates, in my opinion, making them virtually feature complete from a collaboration standpoint. Favourites, KPI monitors, members, files and spotlights will make up the core team site offering before the year is out.

Microsoft have taken the bold step to reintroduce the SharePoint name into the Office 365 experience and will be swapping out the ‘Sites’ tile for a ‘SharePoint’ tile which comes through to your home experience. This modern and responsive user experience puts all the important sites and groups at your fingertips across your organisation.

image

Team sites have a huge overhaul and now provide a crisp and mobile ready experience. Your team can now highlight news, documents and announcement updates right on the home page experience.

Team site home 1

Within these Team sites pages gain the beautiful canvas editing experience from the Delve blogs. This will help teams share those important contextual articles about their work and outputs.

image

The improvements to SharePoint Online’s user experience has been supported with a new SharePoint mobile app experience which delivers an “intranet in your pocket” experience.

SharePoint app users will have on-the-go access to their sites and portals, files, search and people discovery as well as their work stored and managed in SharePoint. What’s more, the new app will also leverage office graph to highlight sites, content and people that are most relevant to the individual.

The SharePoint mobile app comes first to iOS, followed by versions for Windows and Android in the second half of 2016.

image

Empowering employees to be more productive

Document collaboration has long been the cornerstone use case for SharePoint Online and One Drive for Business. Microsoft are upgrading this experience so that when employees need to bring in files from OneDrive for Business or publish files between document libraries, users can click Move to or Copy to move or copy files to other locations across Office 365, without generating unnecessary versions of the same files. As such, moving a document from One Drive that you may have been working on in isolation, to a team site for wider consumption, will become a quick and easy process.

The Future of SharePoint paradigm series

I’ve been aware of the roadmap announced today for SharePoint Online for a number of months as I was lucky enough to be invited to attended the Developer Kitchen in Redmond at the start of February to play with some of the new tech talked about today. This has kept my company, AddIn365, ahead  in developing products for Office 365 that deliver value over and above what the platform has to offer and the direction of travel for services like SharePoint Online we heard about today. Today’s announcements will exert some much needed pressure on the wider Microsoft SharePoint eco-system to bring harder working value-add solutions to market.

Over the next couple of weeks I’ll be publishing articles on three key areas:

Mobile

How the Microsoft mobile offering has transformed the use cases for SharePoint, OneDrive and Office 365 for organisations.

User Experience

Exploring the implications for organisations of the new UI and experiences being pushed into service.

SharePoint Framework

A personal favourite, we’ll explore the implications for design, build and tech approaches in readiness for it’s release later this year. Whispers…. TypeScript and Framework wars enter the SharePoint dev conscious (React against AngularJS)

The full Microsoft roundup

For the full details check out the Microsoft blogs:

Vision & Overview Blog

The Future of SharePoint – https://blogs.office.com/2016/05/04/the-future-of-sharepoint

SharePoint Server GA & Feature Packs

SharePoint Server 2016—your foundation for the future – https://blogs.office.com/2016/05/04/sharepoint-server-2016-your-foundation-for-the-future/

SharePoint mobile app, SharePoint home, team sites, Microsoft Flow & PowerApps integration

SharePoint—the mobile and intelligent intranet – https://blogs.office.com/2016/05/04/sharepoint-the-mobile-and-intelligent-intranet/

SharePoint Framework

The SharePoint Framework—an open and connected platform – https://blogs.office.com/2016/05/04/the-sharepoint-framework-an-open-and-connected-platform/

It’s great to see that Microsoft are being pro-active in claiming the intranet space as part of their SharePoint Online offering. This will add a lot of value to the Office 365 service for subscribing organisations and will provide one more reason to those thinking about a move to Office 365, for doing so. The new user experiences, fantastic new SharePoint app and enhancements to the document experience fill some feature gaps and benefit from being both simple and intuitive.

Adding Custom Tiles to the Office 365 App Launcher

image_thumb.png

Microsoft recently released a new feature so that as an Office 365 admin you can add tiles to the App Launcher.

 

Setting it up

Browse to the Admin dashboard for your tenant, from the left hand menu choose the ‘Company Profile’.

image

 

From the ‘Company Profile’ page select ‘Custom Tiles’ from the left hand menu.

image

 

The ‘Custom Tiles’ page is now displayed, and on very first load will be empty.

image

 

Click the ‘Plus’ to create a new tile.

image

 

You’ll notice that the information being requested is a lot simpler than the Azure AD application configuration. So in my opinion you may still want to opt for the Azure AD application root if you wanted to use groups/user assignment for the tile. This new Office 365 custom tile approach really only provides ‘add the icon’ style functionality. So in scenarios where you wanted to use a consistent name and icon for say a HR system where different regions had different urls/systems you’d still want to use the Azure AD root. Relying on this new Office 365 custom tile would need two tiles and both would show for everyone. As it stands today this feature is probably only useful for truly generic links such as the SharePoint root site collection (But why MS ignored that for so long has always baffled me).

Just before setting the tile information we need to make sure we have the logo somewhere, I always use Lego mini figures in this tenant so I uploaded a new picture to the assets library of the root site collection.

image

 

Once I have an image somewhere (it could have been located anywhere including externally from the tenant) I can enter the information to create the tile.

image

 

The new tile is now listed. Note that you can also edit and remove the tile from this screen.

image

 

Browse to your ‘MyApps’ page.

image

 

There you can see our newly created tile. From here the employee can decided to pin it the App Launcher.

image

 

They can also view details about the app.

image

 

We can see the new tile in the App Launcher.

image

 

So this is a neat new feature which will satisfy the common request to have a tile for the Intranet home page. While MS could hopefully go further in the future to allow employee and group assignment like the Azure AD apps.

Creating a simple redirect app for the App Launcher

image.png

As we saw from the previous article Adding GitHub to the App Launcher the Office 365 user experience now incorporates the App Launcher as a persistent navigation element across the whole suite. Combine this with the Access Panel in Azure and you have two simple ways to provide a user with a navigation item. As you can see from the screen shot below, including last articles addition of GitHub.

Imagine an organisation wants to take advantage of the App Launcher to provide a link to their users for the company public website. On the surface this isn’t such a bonkers request. Many organisations have some elements of their internal intranet hosted within Office 365 and often they require a link to the public facing sites as well. It makes sense then as the App Launcher provides a globally available menu system that the intranet owner might ask for this link to be provisioned. Ok so far, a sensible request by the stakeholder….

Well if we cast our minds back to the types of application that can be displayed:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

None of these sound like a ‘simple’ type of hyperlink navigation item do they? They all assume the need for some kind of sign-on or application.

So at the time of writing this article there is no way to add a simple static url into the icons. Microsoft might pull this feature in at some point in the future, but for now we need something sensible to help us implement it.

NB: When researching this challenge I did stumble upon one blog article which was suggesting using jQuery to inject items in the html of the App Launcher. While in reality the author had it working it would be something I’d steer well clear of for the following reasons:

  • Microsoft ‘own’ the UI/UX for the App Launcher which means they can make breaking changes any time they like leaving you with a broken implementation at best
  • The article could only get this to work across SharePoint Online as the author could inject the required script. This meant that users outside of SharePoint lost this set of icons in things like Exchange.

So where does that leave us? Simple really we need an application registered with our Azure Active Directory which can redirect the user.

Creating our redirection app

So we have two options for this, manually craft an Application and register it with our Azure AD Applications or use the Visual Studio tools to help. For this article we’ll opt for the Visual Studio root and rather explain what’s happening behind the scenes as we go.

So lets get going by cracking open Visual Studio 2013.

Lets create a new MVC Web Application called ‘SimpleRedirectorApp’ and click OK.

image

image

Lets be good citizens and change our app to use SSL. Change the Project property to SSL Enabled to true.

image

Then copy that URL into the properties page on the Web tab.

image

Save the project and run it.

At this point you should see the normal templated MVC page running on your localhost under SSL.

image

So at this stage we have a basic MVC web application up and running. Now lets switch into our Azure portal and take a look at the applications listing.

This is all the applications I have configured in the Azure Active Directory. You’ll notice from the screen shot below our new app is not yet listed in the applications and thus Azure and the App Launcher no nothing about it.

image

If we were doing this manually we would go through the steps to ‘Add’ the application here. For this run through we’re going to jump back to Visual Studio.

We are going to use the Office365 Tools to add a connected service which wire up our app the associated Azure AD for us.

So from the context menu of the project chose ‘Connected Service’.

image

Click ‘Register your app’.

image

Sign in with a user who is an Azure AD admin / Tenant admin which is normally one and the same.

image

This will then show you information about your application.

image

Click ‘App Properties’ and make any changes from single to multi tenant if you require.

image

Note that the URLs are being displayed which match where our App will run from at the moment. When you choose to publish these elsewhere for Production you update these values.

Now when this wizard finishes it has done a few things. Firstly its added a set of things to the web.config file to store the Client Id etc.

image

Next if we switch back to our Azure Portal you’ll see the App is now being listed.

image

Clicking in we can view the settings that have been made.

image

One of the things we can’t do from the Visual Studio tools is set the Logo for the App. This is important to do as it’s the visual icon in the App Launcher. So click the ‘Upload Logo’ from the menu bar.

image

Choose an image which matches the specifics in the dialog box. I’m going to be linking to my companies website so created a quick icon based on our logo.

image

Scrolling down you can see the URLs listed and the permissions the App needs to run. Notice at the moment we don’t ask for anything other than delegated permissions on the Azure AD to enable SSO and read the profile of the user. That’s all we need.

image

Once the App is configured we need to assign users to it so it shows up for them. So click the ‘Users’ tab and find the user you need to assign. As you can see from the screenshot I’m just going to assign myself it for now. Once highlighted click ‘Assign’ from the menu bar.

image

Now when you browse to your Office 365 tenant and open the ‘My Apps’ page you can see our new App listed. As you can see from the screen shot below.

image

At the moment we have to manually ‘pin’ this new app ourselves Sad smile hope Microsoft add features to do this from the portal at some point.

image

So now it shows up in the App Launcher. Hooray you say… click it and what happens… we get the boring old MVC default page in a new tab. (assuming you still left the app in debug, remember its localhost at the moment).

image

So only one more step to go. Lets make our App go where it should, to the all important public website.

Open the HomeController.cs and find the Index method.

Change it from this

image

To this

image

We changed the result object to the RedirectResult type and provide it the url of our public site.

Now rerun our localhost app and it should redirect straight to the website.

image

Now when we click the App from the App Launcher we get a new tab and the App handles the redirection to the specified site.

Happy stakeholder Smile

As I mentioned earlier one of the best things about this approach is that it is truly suite wide as you can see from the screen shot of the users Calendar below.

image

In a more detailed scenario you might want to add more features to the redirection app and make it configurable without hard coding, but this was the basic how to Smile.

Adding GitHub to the App Launcher

image.png

Lets start with a little background

One of the latest features released to Office 365 and Azure was the ‘App Launcher’. This feature (Microsoft Announcement) provided a consistent menu of applications that can be launched by the user. Azure Active Directory now provides an easy way to integrate to many SaaS platforms. It provides identity and access management features through the Azure portal and the Access Panel for users to discover apps they have access too. The App Launcher leverages the same underpinnings within Azure to provide the suite wide UX within Office 365.

Azure Access Panel

Information about setting up Application Access in Azure Active Directory can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308590.aspx Another feature we won’t go through but is worth mentioning is the ‘Change Password’ feature on the profile tab.

This is a screen shot of my tenant Access Panel. You can browse to yours using: https://myapps.microsoft.com

image

The Access Panel can serve several different types of application:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

Full details about the Access Panel can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx

App Launcher

The App Launcher is the name for the UX within the Office 365 suite. The screen shot below shows the fly out menu active on my tenant. You can see all the apps that this user is assigned licenses for are visible, also admin as this user is a tenant admin.

image

You’ll also see the ‘My Apps’ option in the bottom right corner. This takes you to a fully immersive experience listing all your apps. As you can see from the screen shot below.

image

This page lists all the applications from Azure AD applications as well as anything you have installed within your OneDrive for Business site on SharePoint online.

Configuring GitHub through the App Launcher

So we’ve taken a whistle stop tour around the Azure AD Access Panel and App Launcher lets now look at how to add an application to it. For this article we’re going to look at providing our users SSO for GitHub. The Azure AD links above show how to connect up to all sorts like SalesForce, DropBox etc, but Microsoft’s latest code repository choice isn’t listed. As all the  Office Dev Code Samples these days live in GitHub it makes sense to provide a SSO implementation for your dev teams. Here’s how.

First thing to do is log into the Azure portal. You’ll see the connected Azure Active Directories listed. You might have several or just your Office 365 directory. You pick the one you want the application to show up in. In my example I’ll pick my main tenant.

image

When you click the required AD row it will switch into the dashboard for that AD service. As you can see by the screenshot below there are lots of different things you could do here, but we are going to focus on the ‘Applications’ tab only.

image

Clicking the ‘Applications’ tab shows the connected applications. In the screen shot you can see I’ve been busy with the Office 365 APIs Smile. Also note that this AD is connected to my Office 365 subscriptions so both Exchange and SharePoint are listed. These don’t have the same degree of settings available as other applications though.

image

So to add a new application click the ‘Add’ from the menu bar. This pops a light box as you can see below. There are two options, first is to add a custom application (a topic for a further article) which you are developing, the second to connect a service from the gallery. At the time of writing there are about 4500 services and applications available in the gallery so it’s worth having a peek through. GitHub is an existing service so we need to click ‘Add an application from the gallery’.

image

Rather than browse it will be easier to type ‘GitHub’ in the search box. You’ll see the below. So click the ‘tick’ button to confirm.

image

Now GitHub is connected to your Azure AD as an application. We now need to configure the SSO settings and assign some users.

image

Click the ‘Configure single sign-on’ button to setup the SSO for GitHub. The light box that pops up has two options, first is the Password Single Sign-on, the second is for existing Single Sign-on. Both are explained in more detail above. We are going to choose the ‘Password Single Sign-on’ to connect as we don’t already have anything else configured for SSO with GitHub. Click the ‘tick’ to confirm.

image

We have now configured our chosen method of SSO. It’s time to assign some users. So click the ‘Users’ tab. From here all the users in your AD are going to be listed so you probably want to search using the slightly hidden search feature on the table header far right to narrow down the view to users you want.

image

Once you have your desired user select them by clicking the row. And then choose ‘Assign’ from the menu bar.

image

The light box that pops up allows us to confirm that user is about to be assigned access via SSO to this application. The checkbox feature we’ll come back to later in the article, for now leave it unchecked. Click the ‘Tick’ to confirm.

image

So there we have it, in some fairly simple steps we have configured SSO with GitHub via our Azure Active Directory. Lets now take a look at the implications for the end user experience in both the Access Panel and App Launcher.

Access Panel user experience

Now GitHub will show up for the assigned user. In the screen shot you can see the new GitHub tile has appeared. It can sometimes take a few minutes to update and the page may display a refresh message when changes have happened that need to reload.

image

As mentioned earlier a user can maintain their stored credentials via the Access Panel. As you can see from the screen shot this option is available from the tile on the Access Panel.

image

Clicking for the GitHub App very first time from the Access Panel invokes the browser plugin installer as you can see from the screen shot below.

image

In this example I was using Chrome, so here are the pop ups which trigger the install.

image

Confirm the installation dialog.

image

Next time you click the GitHub App you will be asked to enter your credentials as Azure AD does not yet have any stored. Enter the desired credentials and click ‘Sign In’.

image

Now when you click it the Azure SSO will kick in via the browser extension and log you in with the stored credential. Blink and you’ll miss it though, took me five attempts to screen grab the login step.

image

And there you have it, signed in to GitHub with the SSO password.

image

App Launcher user experience

The Office 365 App Launcher MyApps page now sports the same GitHub icon under ‘My Apps’.

image

Clicking for the GitHub App very first time from the My Apps page invokes the browser plugin installer as you can see from the screen shot below.

image

The next time you click the GitHub App the same SSO process as above is invoked and you get signed in.

One feature of the App Launcher which the Access Panel can’t do is allow the user to pin the App to the flyout menu. To do this navigate to the ‘My Apps’ page and from the context menu of the app click ‘Pin to app launcher’ as you can see in the screen shot below.

image

As you can see this then pins that app to your App Launcher menu.

image

Other stuff worthy of a mention

App Launcher where a user has no App assignment

Below is a screen shot of a different user within the same tenant and Azure AD who doesn’t have GitHub assigned as an App. As you can see their ‘My Apps’ page doesn’t list it.

image

Assigning a credential on behalf of a user in the Azure Portal

We mentioned the checkbox earlier. If you wanted to set the username and password during assignment check the checkbox and you get the option to enter the credentials on behalf of the user.

image

So why is this important? Well consider situations where you don’t want a user knowing or setting the credential. For example a situation where the organisation has a marketing twitter account. You can now provide SSO for the marketing team by setting up their credential on their behalf. They can still obviously change it in Twitter but it removes the need to email everyone the password.

Removing a user app assignment

Removing the user assignment is as easy as selecting them and clicking ‘Remove’ from the menu bar.

image

App dashboard

Another thing work mentioning is the App dashboard. Here you can see the login activity and some basic information about the app. What is really useful though is the Single Sign-on url. This is a unique url for this SSO’d app and pasting it in effectly jumps the Access Panel or App Launcher steps and navigates directly through the sign-on process. This would be useful if you are considering email or Yammer posts with links directly to the application.

image

Conclusion

Hopefully you’ve found this useful Smile and seen how easy it is to take advantage of the SSO features to improve your user experience.

So we now have GitHub easily available to all the assigned users, probably starting with the dev team.