Deploying a service application into a different tenant

This article describes the process of deploying a service application. In this scenario, the application moves from being registered with its initial development AD tenant to being registered with a different company's production AD tenant.

Note

This scenario is only relevant if the service application uses symmetric key authentication.

Scenario

Company CoolApp has developed a service application using Azure Information Protection (AIP) that encrypts, labels, and protects documents when users export them from a business application such as Dynamics, SAP, or Salesforce. In this scenario, large enterprise ABC buys CoolApp's new application, so the CoolApp team needs to deploy their solution into ABC's environment.

Sample flow for creating a symmetric key in a different tenant

Flow 1: CoolApp provides a UI dialog to ABC to implement the deployment

Once ABC purchases CoolApp's solution, the IT administrator at ABC must create the CoolApp service principal and register the application in ABC's Azure AD tenant.

The steps for this are outlined in the Create a Service Principal section of Developing your application.

Sample UI for the IT administrator's input to the application

Note

Creating a service principal in a tenant requires tenant admin rights.

ABC's IT administrator then launches CoolApp's application as a service in their environment and embeds the details the CoolApp application needs to work: the application ID, the tenant ID, and the symmetric key.

If the desired experience is to not provide ABC's IT administrator with a UI dialog for the service principal information, then Flow 2 is the method to follow.

Flow 2: ABC IT administrator provides the key to the CoolApp team

Once ABC's IT administrator creates the service principal, as shown in Figure 1, ABC provides the information to the CoolApp team. The CoolApp team then embeds the information in the CoolApp application for use in ABC's tenant.
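
The following added example, which is not code from this article or from the AIP SDK, shows one way a service could load and check the application ID, tenant ID, and symmetric key that either flow hands over, including a check that the deployment no longer points at the development tenant. It assumes a POSIX host, a hypothetical JSON settings file with hypothetical field names, a base64-encoded key of at least 32 bytes, and a constructed placeholder for the development tenant ID.

```python
import base64
import binascii
import json
import os
import stat
import uuid
from dataclasses import dataclass, field

# Constructed placeholder: tenant ID of the vendor's development tenant.
DEV_TENANT_ID = "11111111-1111-1111-1111-111111111111"


@dataclass(frozen=True)
class ServicePrincipalSettings:
    application_id: str
    tenant_id: str
    symmetric_key: bytes = field(repr=False)  # keep the key out of logs and tracebacks


def _guid(value, name):
    """Return the canonical GUID string, or raise if the value is not a GUID."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, TypeError, AttributeError):
        raise ValueError(f"{name} is not a GUID")


def load_settings(path, dev_tenant_id=DEV_TENANT_ID):
    # The file holds a secret: refuse it if group or others have any access.
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/others")
    with open(path, encoding="utf-8") as fh:
        raw = json.load(fh)
    app_id = _guid(raw.get("application_id"), "application_id")
    tenant_id = _guid(raw.get("tenant_id"), "tenant_id")
    # A production deployment must not still point at the development tenant.
    if tenant_id == _guid(dev_tenant_id, "dev_tenant_id"):
        raise ValueError("tenant_id is the development tenant")
    try:
        key = base64.b64decode(raw.get("symmetric_key", ""), validate=True)
    except (binascii.Error, ValueError, TypeError):
        raise ValueError("symmetric_key is not valid base64")
    if len(key) < 32:  # assumed minimum length, not taken from the article
        raise ValueError("symmetric_key is shorter than 32 bytes")
    return ServicePrincipalSettings(app_id, tenant_id, key)
```
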