Fawlty Towers – Probably the best comedy series ever made together with Monthy Python’s Flying Circus. I am a big fan of the Pythons and admire their creative humour a lot. Fawlty Towers, Life of Brian, Flying Circus and Terry Gilliam movies should be preserved for future generations since it is the Holy Grail of what funny really is. When you’ve worked a decade or two professionally you also realize that the corporate bullshit we all encounter to some degree is quite pythonesque.
As an IT guy you often find yourself in need of naming stuff. Most often it doesn’t matter and you name it foo, bar or something boring. But once in a while you know that this thing you are about to name will stick with you for a while and doing a sloppy job will make you pay time and time again in the future. Naming your own startup company is one such thing. Your kids, pet or sports team is another. I was in that situation when I needed to create an Azure AD tenant that I needed for test and demo purposes. I knew that I was going to do branding of login and web pages, so it had to be something I dared to show and not be embarrassed about. So, I decided to name my Azure AD tenant fawltytowers2 in homage to the great TV series. Why the 2 suffix, you say? Well, there can only be one original and I didn’t want to register fawltytowers.com as a domain name and piss John Cleese off.
The story of fawltytowers2 that I will tell here is the story of how I use a lot of Azure and public cloud technology centered around the fawltytowers2 Azure AD tenant and make stuff hang together. In quite a few of my blog posts already I’ve used this tenant and I realize it is only going to be more, so this thing really deserves a page to tell its own story.
Fawltytowers2.com – The Beginning
If you do “whois domain” on fawltytowers2.com you will see that it is registered at Network Solutions since it is there I registered the domain. But I use the Azure DNS cloud service for the name servers, so I do no more than pay Network Solutions a really small amount of money each year to hold the domain and point the name servers to Azure. You can check this out by running looking up fawltytowers2.com on whois.net.
I’ve also created an Azure AD tenant in my Azure subscription named fawltytowers2.onmicrosoft.com (check out my blog post The Holy Trinity of Azure for what just happened here).
In this tenant I have my test users Basil, Manuel, Polly and Sybil. During my June 2016 blog series about using Azure AD as authentication source in different languages (see this), I configured them all to use fawltytowers2.onmicrosoft.com and registered them as “applications my organization is developing”.
Second step – Azure AD Premium
In order to use Azure AD App Proxy, you need to have the Premium version of AAD. Wow, that’s expensive I thought, but it turned out it wasn’t. I started with the Premium free trial period of 30 days and then signed one user up for Premium licens (Basil, since he is the manager). So whenever I need to do something that is a Premium feature only, Basil is the goto guy.
Third step – App Gallary
Wait, this is quite usable, I thought when I realized I actually saved myself time if I register apps from the Gallary to my Azure AD tenant. Now I have all my test accounts for AWS, Apple Dev, Salesforce, Dropbox, Twitter and more registered here and only need to remember Basils credential and the url myapps.microsoft.com.
Next – Going All In with custom domain fawltytowers2.com
With all this in place it was time to register fawltytowers2.com as a domain and get hide the “onmicrosoft” part in the FQDN. As mentioned in the prolog start, all I did was to register the domain with Network Solutions and pointing it to the Azure DNS cloud service. It becomes so easy when Azure tells me to “add TXT record to prove you own the DNS” to just go to another part of the Azure portal and enter it. There is no more wait-one-hour-for-DNS-refresh.
So at this point, firstname.lastname@example.org is a legitimate user with Azure AD as it’s authentication source and Azure DNS managing the domain’s name servers.