One login for multiple Azure subscriptions?

1
votes

I have two azure subscriptions, one personal, tied to my Microsoft ID, and another under a different Microsoft ID for a charitable organization where I am the one-man IT/web dev guy. I created the org's azure account/subscription myself. I can't figure out how to create websites, etc. under my personal MS ID login without logging in and out of the separate microsoft IDs to manage both sets of Azure resources.

Logging in with the org's MS ID, in the azure portal I've made my personal ID a subscription admin (Subscriptions>Access Control>Add my personal MS ID, then right clicked to make co-administrator. This is confirmed since now a right click shows "Remove co-admin" so that implies it's correctly set up as a subscription co-admin. That user is also in the Owner Role.

Step 2, in the Active Directory for the org subscription, Users and Groups>All Users>New User, added my personal MS ID. Then I select that user, click Directory Role on the left menu, and selected Global Administrator radio button and save.

So now my personal MS ID user is a subscription co-admin and a AD Global admin in the org's azure portal.

To check, if I then go to any resource group or App Service and look at Access control I see my personal MS ID user listed as an Owner for that resource and all other resources. So everything looks good.

So if I log out of the org ID and log in with my personal MS ID and go to the Azure portal, I see my usual personal Azure account resources. But I don't understand how to either see and manage those resources in the org's Azure subscription or how to switch subscriptions, or switch directories (it's not listed on the top right), and when creating a new resource, I have no option for the org's subscription to use. How do I see/manage those resources in the org's directory? Is this even possible? Or do I need to log out and log in with the org's MS ID, which is a major annoyance since it also logs me out of outlook etc. when I switch IDs.

2
azureazure-active-directory
It seems that your subscription is not in a same tenant id. It is not possible one login for multiple subscription. You could change subscription on Azure Portal on top right. - Shui shengbao
Hmm... Have you tried adding your personal MS account to Owner role in that org's subscription? - juunas
@Walter-MSFT I don't see any kind of "change subscription" top right on Azure portal. Do you mean sign out and sign back in on the other login? I can change my current directory from that menu but the org directory for the other subscription I'm an admin for doesn't show up there. Is it supposed to? - Eric Sassaman
@EricSassaman Under sign out, could you see other directory? - Shui shengbao
I happen to have another directory under my personal subscription. I do see that and regularly switch back and forth with no problems. I'm properly set up as an admin in that directory and switching works great. But I do not see the directory for my org's azure account/subscription in my list of directories, where I am also set up as an admin (or co-admin). - Eric Sassaman

2 Answers

3
votes

Azure Subscriptions are "housed" within a specific Azure Active Directory Tenant. You should treat an AAD Tenant as the top level object structure, in that each Tenant is entirely separated from each other Tenant.

If you had multiple subscriptions within a single tenant, you would be able to sign in one time, and gain access to all those subscriptions.

However, since these subscriptions look like they are in different Tenants, there is no way to avoid logging in two times to access the two subscriptions. To expand on this, there would be no way to avoid logging in two times to access any unique objects across these two Tenants.

0
votes

For me, the answer was

  • Access Azure portal login page
  • Click "Sign in as a different user"
  • type the exact same email address
  • select "School or Work account" option.

This one was tied to the Azure AD and they reset my password through there. Not sure it really helps you cos signing in and out all the time still a thing, but it took me far too long to get this right so thought i'd share.