Self-service sign-up for Azure Directory
This article explains how to use self-service sign-up to populate an organization in Azure Active Directory (Azure AD). If you want to take over a domain name from an unmanaged Azure AD organization, see the guidance on taking over an unmanaged directory as administrator.
Why use self-service sign-up?
- It gets customers to services faster
- It creates email-based offers for a service
- It creates email-based sign-up flows that quickly allow users to create identities using their easy-to-remember work email aliases
- A directory created through self-service sign-up can be turned into a managed directory, which can then be used for other services
Terms and definitions:
Self-service sign-up: This is the method by which a user signs up for a cloud service and has an identity automatically created for them in Azure AD based on their email domain.
Unmanaged Azure AD: This refers to the directory in which that identity is created. An unmanaged directory is a directory that has no global administrator.
Email-verified user: This is a type of user account in Azure AD. A user who has an identity created automatically after signing up for a self-service offer is known as an email-verified user. An email-verified user is a regular member of a directory who is tagged with creationmethod=EmailVerified.
Controlling self-service settings
There are two self-service settings that admins can control. They can control whether:
- Users can join the directory via email
- Users can license themselves for applications and services
Controlling capabilities
An admin can control these capabilities using the following parameters of the Azure AD cmdlet Set-MsolCompanySettings:
- AllowEmailVerifiedUsers controls whether a user can create or join a directory. If you set that parameter to $false, no email-verified user can join the directory.
- AllowAdHocSubscriptions controls the ability for users to perform self-service sign-up. If you set that parameter to $false, no user can perform self-service sign-up.
AllowEmailVerifiedUsers and AllowAdHocSubscriptions are directory-wide settings that can be applied to a managed or unmanaged directory. Consider an example where:
- You administer a directory with a verified domain.
- You use B2B collaboration from a different directory to invite a user that does not already exist in the home directory of that domain.
- The home directory has AllowEmailVerifiedUsers turned on.
If the preceding conditions are true, a member user is created in the home directory and a B2B guest user is created in the inviting directory.
Working of Controls
The AllowEmailVerifiedUsers and AllowAdHocSubscriptions parameters can be used in conjunction to define more precise control over self-service sign-up. For example, the command below allows users to perform self-service sign-up, but only if those users already have an account in Azure AD:
PowerShell
Set-MsolCompanySettings -AllowEmailVerifiedUsers $false -AllowAdHocSubscriptions $true
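As an added example (not taken from the Microsoft documentation this article references), the PowerShell below models how the two parameters combine for a sign-up attempt, derived only from the parameter descriptions above. `Get-SelfServiceOutcome` is a hypothetical helper, it does not cover B2B invitations, and the last block assumes the MSOnline module with an authenticated `Connect-MsolService` session.

```powershell
# Hypothetical helper: outcome of one self-service sign-up attempt, modelled
# from the parameter descriptions in this article (B2B invitations not covered).
function Get-SelfServiceOutcome {
    param(
        [Parameter(Mandatory)][bool]$AllowEmailVerifiedUsers,
        [Parameter(Mandatory)][bool]$AllowAdHocSubscriptions,
        [Parameter(Mandatory)][bool]$UserExists   # account already in the directory?
    )
    if (-not $AllowAdHocSubscriptions) {
        return 'Blocked: self-service sign-up is disabled for every user'
    }
    if ($UserExists) {
        return 'Allowed: existing account signs up for the service'
    }
    if ($AllowEmailVerifiedUsers) {
        return 'Allowed: email-verified user is created, then signs up'
    }
    return 'Blocked: no account exists and email-verified users cannot join'
}

# Enumerate every combination so the effect of each setting is visible.
$matrix = foreach ($evu in $true, $false) {
    foreach ($adhoc in $true, $false) {
        foreach ($exists in $true, $false) {
            [pscustomobject]@{
                AllowEmailVerifiedUsers = $evu
                AllowAdHocSubscriptions = $adhoc
                UserExists              = $exists
                Outcome                 = Get-SelfServiceOutcome `
                    -AllowEmailVerifiedUsers $evu `
                    -AllowAdHocSubscriptions $adhoc `
                    -UserExists $exists
            }
        }
    }
}
$matrix | Format-Table -AutoSize

# Optional: report what the connected tenant currently allows.
# Skipped when the MSOnline module is not loaded; fails cleanly if not connected.
if (Get-Command Get-MsolCompanyInformation -ErrorAction SilentlyContinue) {
    try {
        $company = Get-MsolCompanyInformation -ErrorAction Stop
        $matrix | Where-Object {
            $_.AllowEmailVerifiedUsers -eq $company.AllowEmailVerifiedUsers -and
            $_.AllowAdHocSubscriptions -eq $company.AllowAdHocSubscriptions
        } | Format-Table UserExists, Outcome -AutoSize
    } catch {
        Write-Warning "Could not read tenant settings: $($_.Exception.Message)"
    }
}
```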
The flowchart below explains the different combinations for these parameters and the resulting conditions for the directory and self-service sign-up.
Reference: Microsoft Documentation