Enable self-service application access
Start course
1h 11m

As companies race toward the cloud, it’s imperative that IT professionals keep up with the times. Keeping up with the times means maintaining the ability to deploy and maintain cloud-based solutions – particularly those offered through Microsoft Azure.

In this course, you will learn how to create and manage encryption keys in Azure, prevent and respond to security threats to Azure resources, configure access to Azure applications via single sign-on, manage access to Azure applications, and configure federation with public consumer identity providers like Facebook and Google. 

Learning Objectives

  • Create and import keys in the Azure Key Vault
  • Define, configure, and assess security policies
  • Harden Azure resources against threats
  • Configure single sign-on for SaaS applications
  • Configure federation with public consumer identity providers like Facebook and Google

 Intended Audience

  • People interested in becoming Azure security engineers 


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment






In addition to assigning users and groups to applications directly, access can also be granted via self-service. Self-service application access allows users to self-discover applications. And you can allow the business group to manage the credentials signed to those users. Before your users can self-discover your application right from their access panels you need to enable self-service application access for those applications that you want to allow self-discovery for. 

To enable self-service application access to a particular app launch the Azure portal and sign in as a global administrator. We've already done that here. Once logged in as a global admin open the active directory extension and select Enterprise applications. From a list of applications enabled in your tenant click on the application that you wish to enable self-service for. Once it loads simply click self-service from the applications left-hand navigation menu. And select yes to allow users access this application. 

After enabling self-service for the application select a group of users that should be able to request access to this application. In this case, we're going to select Dropbox users. And from here we just click select. Now if business approval is required before users are allowed to access the application you can set the required approval before granting access toggle switch to yes. And in that case, you would select the approvers that would be enabled to approve access to this application. 

If there are multiple roles within the application you can also select the role that users should be assigned within the application here. In our case, we only have the default access role. After making our selections here we click save. This point it will ask if we're sure and we click yes. After you've completed the self-service application configuration your users can navigate to their application access panel and click on the add button. This will allow them to find the apps to which they've been allowed self-service. On the screen where I'm in my application access dashboard and what I can do is click add an app and as you can see we can now add Dropbox as an application via self-service.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.