Sync Oomnitza with Microsoft Intune to gain visibility of user data.
Contents
- Before you start
- Information required for the integration
- Creating the user integration
- Standard mappings
- Creating custom mappings
- Launching the integration
Before you start
To easily find the records that are uploaded to Oomnitza, it's best practice to create a dedicated user account for each integration. This will make it easier for you to retrieve the records that are uploaded to Oomnitza from the vendor application.
Information required for the integration
Integration Information
Domain. By default, the domain is set to https://graph.microsoft.com. When you enter the domain of your Microsoft account, use the fully qualified URL.
Credential information
The type of authentication is OAuth2.
To add credentials to Oomnitza, you require the following information:
- Client ID and client secret
- Tenant ID
- Scopes
Learn more
The following steps are provided as guidance only. Refer to your vendor's API documentation and consult your System Administrator for the most accurate and up-to-date instructions.
Step 1: Register an app in Microsoft Entra ID. Create the app registration that Oomnitza will authenticate as. See Register an application with the Microsoft identity platform.
Step 2: Create a client secret. This is the credential Oomnitza will use to request tokens. See Add a client secret.
Step 3: Grant API permissions. For Intune asset and user permissions, select DeviceManagementManagedDevices, and then select all available options:
- DeviceManagementManagedDevices.PrivilegedOperations.All
- DeviceManagementManagedDevices.Read.All
- DeviceManagementManagedDevices.ReadWrite.All
See Add permissions to access Microsoft Graph.
These are Application permissions (not Delegated), because you're using client credentials without a signed-in user.
Step 4: Grant admin consent. See Grant admin consent in the portal. Application permissions require a Global Administrator (or Privileged Role Administrator) to grant tenant-wide admin consent before they take effect.
Step 5: Note your credentials. You will need the following information to add the integration and the credentials in Oomnitza:
- Tenant ID
- Client ID
- Client Secret
See OAuth 2.0 client credentials flow.
This endpoint requires an active Intune license on the tenant.
Adding credentials to Oomnitza
Make life easier and add your credentials to Oomnitza before you create the integration.
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward arrow > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
To inherit the permissions that you set up for the Microsoft app that you registered, you enter https://graph.microsoft.com/.default as the scope.
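As an added example (not Oomnitza's or Microsoft's code), the Python below builds the client credentials token request with the https://graph.microsoft.com/.default scope described above, then reads the roles claim of an access token to check which of the Step 3 application permissions were actually consented. It assumes the access token is in JWT form and decodes it for inspection only, without verifying the signature; the function names and the sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

# Application permissions listed in Step 3 of this page.
PAGE_PERMISSIONS = {
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.Read.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
}

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body

def token_roles(access_token):
    """Read the 'roles' claim from a JWT payload (inspection only, no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def audit_roles(access_token, expected=PAGE_PERMISSIONS):
    """Compare the consented application permissions with the expected set."""
    granted = token_roles(access_token)
    return {"missing": sorted(expected - granted), "unexpected": sorted(granted - expected)}

def constructed_token(roles):
    """Build an unsigned sample token for offline use (constructed, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    url, _ = build_token_request("TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER")
    print("POST", url)
    sample = constructed_token(["DeviceManagementManagedDevices.Read.All", "User.Read.All"])
    print(audit_roles(sample))
```

A permission reported as missing usually means admin consent (Step 4) has not yet been granted for it.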
Creating the user integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- On the Integrations page, scroll down to the Extended section for user integrations.
- Click NEW INTEGRATION.
- In the sidebar, search for the integration.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
- User only. Add user records.
- User plus SaaS user. Add user and SaaS user records.
The benefit of adding SaaS user records is that you can run a workflow to validate the status and activity of SaaS users and retrieve information such as the role of the SaaS user. The information that can be retrieved depends on whether SaaS user workflows are available for the integration.
Installation types
- Cloud. Store credentials in the Oomnitza cloud.
- Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud as the type of installation. Local installations don't support AWS and OAuth authentication.
Integration preferences
- Create & Update. Add and update records.
- Create only. Add records.
- Update only. Update records.
Editing the integration details
When you edit the Integration details section, you can select the name or names of integration contacts. Integration contacts receive an in-app notification and an email when the integration fails, when the integration fails to complete within 24 hours, or when the scheduled integration fails to run.
- Click Edit.
- Make your changes.
Editing the credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials.
Scheduling the integration
By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Make and save your changes.
Mapping fields to Oomnitza
To map the fields to Oomnitza, click Edit.
Select Edit integration to add rules for syncing data.
Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page.
Creating custom API fields.
Standard mappings
Contact Number
Display Name
Email
First Name
ID
Job Title
Office Location
Surname
Username
Creating custom mappings
Map the Microsoft Intune fields to Oomnitza fields and create custom mappings to get the user information that you need.
Complete these actions:
- Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
- Create a custom mapping for the Microsoft Intune User ID. Complete the following steps:
  - Click the down arrow on the ID.
  - Select Add new Oomnitza users field.
  - Change the name of the field to Microsoft Intune User ID.
  - Select the Unique checkbox.
  - Click CREATE.
- Ensure that the Email is mapped to the Email field on the Oomnitza side (required for integration).
- Ensure that the Username is mapped to the Username field on the Oomnitza side (required for integration).
- Select the Role field on the Oomnitza mapping side.
- Choose a suitable role from the list (a defined role is necessary for the integration).
- Assign a sync key to a unique field, such as the Email.
- Click UPDATE.
Selecting sync keys
You must select at least one field as the sync key field. To ensure that the sync runs successfully, the field must contain unique values such as the serial number of an asset record or the email address of a user record. Records that do not contain a value for the sync key are skipped.
See Configuring multiple sync keys.
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.