With Azure AD you can provision access to SaaS apps for your end users and supply the password in advance, so that the end user never actually knows what it is. This is useful for, e.g., giving your marketing team access to the corporate Twitter account without them ever knowing the password. You can then be assured the password is not shared with others and that the account can only be accessed by authorised users who are logged into their corporate account in Azure AD. It also gives administrators the ability to revoke access to the app if a user leaves the company. I am going to demonstrate this using Twitter.
In Azure Active Directory, navigate to the Enterprise applications blade and choose New application.
Under Add from the gallery, search for Twitter and click Add. In the next window, choose Users and groups and assign the group of users you wish to have access to the corporate Twitter account.
Now go to the Single sign-on blade, choose “Password-Based” and click Save. If you go back to Users and groups and click the group you previously added, you will find the “Update Credentials” button is no longer greyed out. Click Update Credentials.
Type the username and password of the corporate Twitter account and click Save.
To test that this is working correctly, log in to the access panel at https://myapps.microsoft.com using the credentials of a user in the group you assigned.
Click on Twitter and you will find it automatically signs you into the corporate Twitter account. NOTE: This requires the browser plugin to replay the credentials. You will be prompted to install it.
You can also give the user a direct single sign-on link so they don’t have to go to the access panel first. To do this, go back to Enterprise applications and select Twitter from the list. Under the Properties tab you will find the “User Access URL” to provide to your end users.
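Since everyone assigned to the app can sign in with the stored credential, it is worth reviewing those assignments periodically. The script below is an added example, not part of the original walkthrough: it lists every enterprise application configured for password-based single sign-on and the users or groups assigned to it. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin can consent to the read-only Application.Read.All scope.

```powershell
# Added example: audit password-based SSO apps and who is assigned to them.
# Assumptions: Microsoft.Graph PowerShell SDK installed; the admin running
# this can consent to Application.Read.All (read-only).
Connect-MgGraph -Scopes 'Application.Read.All'

# Request only the properties needed, then filter client-side on SSO mode.
$passwordApps = Get-MgServicePrincipal -All `
        -Property Id,DisplayName,PreferredSingleSignOnMode |
    Where-Object { $_.PreferredSingleSignOnMode -eq 'password' }

$report = foreach ($app in $passwordApps) {
    # Each assignment is a user or group that can launch the app with
    # the credential stored in the directory.
    $assignments = Get-MgServicePrincipalAppRoleAssignedTo `
        -ServicePrincipalId $app.Id -All

    if (-not $assignments) {
        # Keep apps with no assignments in the report so they are not missed.
        [pscustomobject]@{
            App        = $app.DisplayName
            Principal  = '(none assigned)'
            Type       = $null
            AssignedOn = $null
        }
        continue
    }

    foreach ($a in $assignments) {
        [pscustomobject]@{
            App        = $app.DisplayName
            Principal  = $a.PrincipalDisplayName
            Type       = $a.PrincipalType      # User or Group
            AssignedOn = $a.CreatedDateTime
        }
    }
}

# Direct User rows are the ones to check against leavers; Group rows are
# governed by the membership of that group.
$report | Sort-Object App, Type, Principal | Format-Table -AutoSize
```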