Using organizational AD for multiple Azure subscriptions

1
votes

We have two Azure subscriptions and an Office 365 subscription for our company.

In "Subscription #1", we have a VNET and a bunch of VMs. We have our "organizational AD" in this VNET. We also set our Office 365 subscription to use our organizational AD that is in this Subscription #1.

We then have a second Azure subscription (Subscription #2) in which we have WebApp's, databases and Visual Studio Team Services (VSTS - formerly Visual Studio Online) repositories. We set up our VSTS to use the directory service -- WAAD -- associated with this second subscription.

My question is: can we set it so that this second Azure subscription uses our organizational AD to manage user access? Our primary goal here is to have "single sign-on" in this second Azure subscription. For example, we want our developers to be able to use their organization AD accounts to access the VSTS repositories.

P.S. We do prefer keeping these two Azure subscriptions separate but still have single sign-on.

1
azureazure-devopsazure-active-directory

1 Answers

1
votes

In short, yes you can. The easiest way to do this is by putting in a support ticket with Azure and asking them to perform this task for you. You should be able to put a ticket in with billing support to avoid costs.

The other way to do this involves having the Service Administrator of the 2nd Azure subscription be a Global Admin on the Azure Active Directory in question. You can then follow the steps found in this link.