Azure AD Users Connector

Oomnitza's Azure User Connector allows organizations to pull user information from Azure AD and populate it in Oomnitza. More info in Azure AD can be found here: https://azure.microsoft.com/en-us/services/active-directory/


Standard Mappings

The following fields can be mapped from Azure AD using Oomnitza's User Interface:

  • Department
  • Given name
  • Is account enabled
  • Job title
  • Mail
  • Mail nickname
  • Surname
  • User principal name

Custom Mappings

Additional fields may be available to map through the config.ini. Please see Creating Custom Field Mappings for more details on adding these mappings.

Setup

Details on setting up the Oomnitza Connector can be found in Oomnitza's Articles on Connector Setup. 

Azure AD integration requires the following three pieces of information for a Service Principal Application in Azure:

  • Tenant ID
  • Client ID
  • Client Secret

Documentation from Microsoft is available in the articles below, and the steps are outlined in the section that follows.

Creating a Service Principal Application in Azure

Notes:

  1. You must be an Azure Administrator to complete this process. 
  2. The below steps and images are taken from Microsoft's Azure documentation. Though we do our best to keep this document accurate, the interface and the steps involved may change without warning.

Register an Azure AD Application:

  1. Sign in to your Azure Account.

  2. Select Azure Active Directory.
    Screenshot shows Azure Active Directory selected from the Azure portal menu.

  3. Select App registrations.
    Screenshot shows App registrations selected from the Manage menu.

  4. Select New registration.
    Screenshot shows New registration selected.

  5. Name and Register the Application. 
    Screenshot shows the Register an application page where you can enter the values in this step.

Retrieve your Tenant and Client IDs:

  1. Select Azure Active Directory.

  2. From App registrations in Azure AD, select your application.

  3. Copy the Directory (tenant) ID and Application (client) ID. These will be added to the config.ini.
    Screenshot shows the application Overview page where you can copy the Application (client) ID.

Create an Application Secret:

  1. Select Azure Active Directory.

  2. From App registrations in Azure AD, select your application.

  3. Select Certificates & secrets.

  4. Select Client secrets -> New client secret.

  5. Provide a description of the secret, and a duration. When done, select Add.

  6. Save your newly created Secret.

Screenshot shows the Certificates & secrets page where you can add a client secret.

Grant Appropriate Permissions:

The only API permission required is Directory.Read.All (this applies to both the Microsoft Graph API and the legacy Azure AD Graph API). To grant your application permission to use the APIs:

  1. Select API permissions.

  2. Select Add a permission.

    Screenshot shows the API permissions page where you can select Add a permission.

  3. On the Request API permissions page, locate Azure Active Directory Graph under the supported legacy APIs.

    Screenshot shows the Request API permissions page where you can select Azure Active Directory Graph.

  4. On the Required permissions page, select Application permissions, expand Directory, and check Directory.Read.All. Select Add permissions.

    Screenshot shows the Request API permissions page where you can select Application permissions.

  5. On your application's API permissions page (labelled Reporting API Application in Microsoft's screenshots), select Grant admin consent.

    Screenshot shows the Reporting API Application API permissions page where you can select Grant admin consent.

Config File

The full config file should also contain the following fields:

  • Enable - When True, turns the Azure connector on. When False turns the Azure connector off.
  • Default_role - The default Role ID for newly created users. By default, 25 will create users with the Employee role.
  • Default_position - The default Position for newly created users. Defaults to Employee.

Example Azure AD Config

 More details on creating custom field mappings can be found here.

[azureusers]
enable = True
tenant_id = <tenant-id-from-azure>
client_id = <client-id-from-azure>
secret = <secret-from-azure>
default_role = 25
default_position = Employee
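The example below is added here and is not Oomnitza's connector code. It shows what the three values in the [azureusers] section are used for: the tenant ID selects the token endpoint, the client ID and secret authenticate the Service Principal with the OAuth2 client-credentials grant, and the resulting app-only token is sent to Microsoft Graph to list users, which are then mapped onto the Standard Mappings listed above. It also checks the token's roles claim so you can confirm that admin consent for Directory.Read.All was actually granted and that nothing beyond it was. The config values, the HTTP responses and the helper names (load_config, sync_users, fake_http) are constructed for this example; the HTTP call is injected as a function so the code runs offline.

```python
import base64
import configparser
import json
from urllib.parse import urlencode

# Constructed config with the same shape as the article's config.ini example.
SAMPLE_CONFIG = """
[azureusers]
enable = True
tenant_id = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
secret = constructed-secret-value
default_role = 25
default_position = Employee
"""

# Microsoft Graph user attribute -> Oomnitza standard mapping name.
STANDARD_MAPPINGS = {
    "department": "Department",
    "givenName": "Given name",
    "accountEnabled": "Is account enabled",
    "jobTitle": "Job title",
    "mail": "Mail",
    "mailNickname": "Mail nickname",
    "surname": "Surname",
    "userPrincipalName": "User principal name",
}
REQUIRED_ROLE = "Directory.Read.All"


def load_config(text):
    """Parse [azureusers] and refuse values still set to <placeholders>."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    section = parser["azureusers"]
    cfg = {k: section[k] for k in ("tenant_id", "client_id", "secret")}
    for key, value in cfg.items():
        if not value or value.startswith("<"):
            raise ValueError(f"{key} still holds a placeholder, not a real value")
    cfg["enable"] = section.getboolean("enable")
    cfg["default_role"] = section.getint("default_role")
    cfg["default_position"] = section["default_position"]
    return cfg


def token_request(cfg):
    """Client-credentials request for an app-only Microsoft Graph token."""
    url = f"https://login.microsoftonline.com/{cfg['tenant_id']}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": cfg["client_id"],
                      "client_secret": cfg["secret"],
                      "scope": "https://graph.microsoft.com/.default"})
    return url, body


def token_roles(access_token):
    """Read the roles claim from our own token (no signature check; we are not the audience)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def check_least_privilege(access_token):
    """Fail if consent is missing; return any roles granted beyond the one needed."""
    roles = token_roles(access_token)
    if REQUIRED_ROLE not in roles:
        raise PermissionError(f"admin consent for {REQUIRED_ROLE} has not been granted")
    return roles - {REQUIRED_ROLE}


def map_user(graph_user):
    return {label: graph_user.get(attr) for attr, label in STANDARD_MAPPINGS.items()}


def sync_users(cfg, http):
    """http(method, url, headers, body) -> parsed JSON; injected so this runs offline."""
    url, body = token_request(cfg)
    tok = http("POST", url, {"Content-Type": "application/x-www-form-urlencoded"}, body)
    extra_roles = check_least_privilege(tok["access_token"])
    users_url = "https://graph.microsoft.com/v1.0/users?$select=" + ",".join(STANDARD_MAPPINGS)
    headers = {"Authorization": f"Bearer {tok['access_token']}"}
    users = []
    while users_url:  # follow Graph paging until no nextLink is returned
        page = http("GET", users_url, headers, None)
        users.extend(map_user(u) for u in page["value"])
        users_url = page.get("@odata.nextLink")
    return users, extra_roles


def _fake_token(roles):
    """Constructed unsigned JWT carrying only a roles claim."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return enc(b'{"alg":"none"}') + "." + enc(json.dumps({"roles": roles}).encode()) + ".sig"


def fake_http(method, url, headers, body):
    """Constructed responses standing in for Azure AD and Microsoft Graph."""
    if method == "POST" and "/oauth2/v2.0/token" in url:
        assert "grant_type=client_credentials" in body
        return {"access_token": _fake_token(["Directory.Read.All"]), "token_type": "Bearer"}
    if "$skiptoken" not in url:  # first page of users, with a link to a second page
        return {"value": [{"userPrincipalName": "jdoe@example.com", "givenName": "Jane",
                           "surname": "Doe", "mail": "jdoe@example.com", "mailNickname": "jdoe",
                           "jobTitle": "Engineer", "department": "IT", "accountEnabled": True}],
                "@odata.nextLink": url + "&$skiptoken=page2"}
    return {"value": [{"userPrincipalName": "rroe@example.com", "givenName": "Richard",
                       "surname": "Roe", "accountEnabled": False}]}


if __name__ == "__main__":
    users, extra = sync_users(load_config(SAMPLE_CONFIG), fake_http)
    for user in users:
        print(user)
    print("roles granted beyond Directory.Read.All:", sorted(extra) or "none")
```

Replacing fake_http with a real HTTPS call and the constructed config with your own config.ini turns this into a quick way to confirm, before enabling the connector, that the Service Principal can authenticate and that admin consent was granted for exactly the one permission the connector needs.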