The basic integration for Azure users allows organizations to pull user information from Azure AD and populate it in Oomnitza. More information on Azure AD can be found here: https://azure.microsoft.com/en-us/services/active-directory/
Extended integration for Azure AD Users
The basic integration will continue to work and is fully supported for existing users. For new users, it is recommended that you use extended integrations as your integration of choice. Extended integrations provide enhanced capability. While the basic integration retrieves key information about all the network devices in your organization, the extended integration retrieves information about all the devices in a network. Extended integrations are also significantly easier to set up and maintain. Refer to Extended integration for Azure AD Users for further information.
Standard Mappings
The following fields can be mapped from Azure AD to Oomnitza:
- Department
- Given name
- Is account enabled
- Job title
- Mail nickname
- Surname
- User principal name
Custom mappings
Additional fields may be available to map through the config.ini. Please see Creating Custom Field Mappings for more details on adding these mappings.
Setup
Details on how to set up your Microsoft credentials in Oomnitza can be found in Adding Microsoft credentials to the vault in Oomnitza.
Azure AD integration requires the following three pieces of information for a Service Principal Application in Azure:
- Tenant ID
- Client ID
- Client Secret
To get credentials, complete the following steps:
- Create a Service Principal Application in Azure by following the steps in Register an application with Azure AD and create a service principal. You must be an Azure Administrator to complete this process.
- Retrieve your tenant and client IDs by following the steps in Get tenant and app ID values for signing in.
- Create an application secret by following the steps in Option 2: Create a new application secret.
- Grant appropriate permissions. The only API permission required is Directory.Read.All (this applies to both the Microsoft Graph API and the legacy Azure AD Graph API). To grant your application permission to use the APIs, follow the steps in Grant permissions.
Configuration file
The configuration file must also contain the following fields:
- enable - When True, turns the Azure connector on; when False, turns the Azure connector off.
- default_role - The Role ID assigned to newly created users. The default value, 25, creates users with the Employee role.
- default_position - The Position assigned to newly created users. Defaults to Employee.
Example Azure AD Config
More details on creating custom field mappings can be found here.
[azureusers]
enable = True
tenant_id = <tenant-id-from-azure>
client_id = <client-id-from-azure>
secret = <secret-from-azure>
default_role = 25
default_position = Employee
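The steps above (tenant ID, client ID, client secret, Directory.Read.All) and the [azureusers] section together describe what a connector needs in order to read users out of Azure AD. The following is an added example, not Oomnitza's own connector code: it parses an [azureusers] section shaped like the one above, refuses to run while the <...> placeholders are still in place, builds the client-credentials token request and the Microsoft Graph users query restricted to the standard mapping fields, and maps each Graph user record onto those fields plus the configured defaults. The function names, the sample config values and the sample Graph response are constructed for this example; the Graph property names are the ones behind the mapped fields listed under Standard Mappings.

```python
"""Added example: read an [azureusers] section, fetch a Graph token with the
client-credentials flow, and map Graph users onto the standard Oomnitza fields.
Function names and sample data are this example's own (not Oomnitza's code)."""
import configparser
import json
import urllib.parse
import urllib.request

# Graph v1.0 user properties behind the page's standard mappings.
STANDARD_MAPPINGS = {
    "department": "Department",
    "givenName": "Given name",
    "accountEnabled": "Is account enabled",
    "jobTitle": "Job title",
    "mailNickname": "Mail nickname",
    "surname": "Surname",
    "userPrincipalName": "User principal name",
}

# Constructed sample config (IDs and secret are made-up values).
SAMPLE_CONFIG = """[azureusers]
enable = True
tenant_id = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
secret = constructed-example-secret
default_role = 25
default_position = Employee
"""

# Constructed sample of one Graph /users page (shape only; values are made up).
SAMPLE_GRAPH_PAGE = {
    "value": [
        {
            "userPrincipalName": "jdoe@example.com",
            "givenName": "Jane",
            "surname": "Doe",
            "department": "IT",
            "jobTitle": "Engineer",
            "mailNickname": "jdoe",
            "accountEnabled": True,
        }
    ]
}


def load_azure_config(text):
    """Parse and validate [azureusers]; fail fast on placeholder credentials."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp["azureusers"]
    cfg = {
        "enable": sec.getboolean("enable"),
        "tenant_id": sec["tenant_id"],
        "client_id": sec["client_id"],
        "secret": sec["secret"],
        "default_role": sec.getint("default_role"),
        "default_position": sec["default_position"],
    }
    for key in ("tenant_id", "client_id", "secret"):
        if cfg[key].startswith("<") and cfg[key].endswith(">"):
            raise ValueError(f"{key} still holds the placeholder value")
    return cfg


def build_token_request(cfg):
    """Client-credentials token request against the tenant's v2.0 endpoint."""
    url = f"https://login.microsoftonline.com/{cfg['tenant_id']}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["secret"],
        # .default requests the application permissions already granted
        # (Directory.Read.All in this integration).
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body


def get_token(cfg):
    """Perform the token request (network call; not exercised offline)."""
    url, body = build_token_request(cfg)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def users_url():
    """Graph query that selects only the properties this integration maps."""
    return "https://graph.microsoft.com/v1.0/users?$select=" + ",".join(STANDARD_MAPPINGS)


def graph_user_to_oomnitza(user, cfg):
    """Map one Graph user onto the standard fields plus the configured defaults."""
    record = {label: user.get(prop) for prop, label in STANDARD_MAPPINGS.items()}
    record["Role ID"] = cfg["default_role"]
    record["Position"] = cfg["default_position"]
    return record


def sync_page(page, cfg):
    """Map every user in one Graph response page; returns [] if disabled."""
    if not cfg["enable"]:
        return []
    return [graph_user_to_oomnitza(u, cfg) for u in page["value"]]


if __name__ == "__main__":
    config = load_azure_config(SAMPLE_CONFIG)
    for rec in sync_page(SAMPLE_GRAPH_PAGE, config):
        print(rec)
```

Keeping the $select list to the mapped properties means the application only ever receives the attributes it actually writes into Oomnitza, and the placeholder check stops a freshly copied config from being deployed with the <...> values still in it.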