Azure Active Directory User management delegation

  • Question

  • Hi,

    We are using Azure AD to create users and groups for an application that sits outside of Azure AD (hosted internally).

    We want the ability to delegate the user management to an admin of that application (create users, assign groups, etc.).

    I can see that in the Premium Azure AD subscription you can create AD users that have access to the WAAD Access Panel (myapps.microsoft.com) and they can see groups and approvals (http://blogs.technet.com/b/ad/archive/2014/04/07/azure-ad-delegated-group-management-feature-walk-through.aspx).

    The problem is that we only have a basic subscription. Is there any other way to provide basic level user management delegation to an application admin?

    The only other way I can see is to create a whole new Azure account and separate AD, and have the admin user of that account administer users/groups through the management portal, which is not ideal because they have access to other Azure resources (creating instances, db, etc.). We only need the admin to be able to access user management of AD.

    It also seems like the user role "User Administrator" in Azure AD doesn't have much function, because if you assign a user that role they can't log in to the management console (they need a subscription).

    Regards,

    martin

    Monday, March 9, 2015 1:33 AM

Answers

  • Greetings, Martin!

    Noting the constraint that you're facing: a delegated admin has access to the entire subscription (which you don't prefer).

    You can sign up for a new Trial / Pay-As-You-Go subscription with a minimum credit limit, custom create a Directory, and add the existing Directory. With that, the admin will work on the new subscription and may have access to the Azure Directory and nothing else.

    Let me know if that helps.

    Thank you,

    Arvind

    Monday, March 9, 2015 4:51 AM