Learn how to prepare your environment to run the demo
1. Configure Self-service password reset
Microsoft Entra self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. For this demo after the new hire completes the onboarding process, they can set up their password themselves. . Follow the guidance how to Enable users to unlock their account or reset passwords using Microsoft Entra self-service password reset.
The following image shows how to configure Self-service password reset for all or selected users in the directory
2. Configure Temporary Access Pass
A Temporary Access Pass is a time-limited passcode that can be configured for single use or multiple. Users can sign in with a Temporary Access Pass to onboard other authentication methods including passwordless methods such as Microsoft Authenticator, FIDO2 or Windows Hello for Business. Follow the guidance how to Enable the Temporary Access Pass policy
The following image shows how to configure Temporary Access Pass
3. Assign Microsoft Entra admin roles
For this demo, you as a manager create the new hire an account in your tenant. To add, delete or update users, you must be a User Administrator or Global Administrator role in your tenant. Follow the guidance how to Assign Microsoft Entra roles to users and add Make sure you have the following pemrmissions:- Global Administrator, or all of the following pemrmissions:
- User Administrator
- Authentication Policy Administrator
- Groups Administrator
4. Admin Consent for Delegated Permissions
This multi-tenant application requests delegated permissions that require your own tenant admin consent. The will receive an error message that says you are not unauthorized to consent to your app's permissions (unless you have the right pemrmissions). You are required to ask your admin for access to the app. If the admin grants consent for the entire tenant, the organization's users don't see a consent page for the application unless the previously granted permissions are revoked or the application requests for a new permission incrementally.Find the Woodgrove Onboarding demo application in your Entra ID tenant. You and find it in the Identity > Applications > Enterprise applications > All applications. Then Grant tenant-wide admin consent to an application, or Grant consent on behalf of a single user by using PowerShell
The following image shows how to consent on behalf of the organization
