Azure Active Directory configuration

Use this guide to configure Azure Active Directory (AD) to allow read and, optionally, write access from the SecureAuth® Identity Platform.

After you complete this configuration, you can then add an Azure AD data store in the Identity Platform.

Prerequisites

  • Identity Platform version 20.06 or later

  • Azure AD and access to the Azure portal

Process

Step 1: Register the Identity Platform in the Azure portal.

Step 2: Add API permissions in the Azure portal.

Step 3: Create a client secret in the Azure portal.

Step 4: Get the Azure AD connection settings; you will need these in the Identity Platform.

Step 1: Register the Identity Platform in the Azure portal

To integrate Azure AD with the Identity Platform, you need to register the Identity Platform in the Azure portal.

  1. Log in to your Azure Account through the Azure portal.

  2. Select Azure Active Directory.

  3. Select App registrations.

  4. Select New registration.

  5. Set a Name and keep the default Supported account types selection (single tenant).

  6. Click Register.

Step 2: Add API permissions

You will need to grant read and write permissions for the Identity Platform API calls to Azure AD.

  1. From the App registrations list, click the name of the registered app that you just created.

  2. In the left pane, click API Permissions. Then, click Add a permission.

  3. Select Microsoft Graph.

  4. Click Delegated permissions. Then, scroll down to find and select the following check boxes:

    • Directory.AccessAsUser.All

    • Directory.Read.All

    • Directory.ReadWrite.All

    • User.Read

    • User.ReadWrite

  5. When you are done making your selections for delegated permissions, click Add permissions at the bottom of the page.

  6. Click Application permissions. Then, scroll down to find and select the following check boxes:

    • Directory.Read.All

    • Directory.ReadWrite.All

    • Group.Create

    • Group.Read.All

    • Group.ReadWrite.All

    • User.Read.All

    • User.ReadWrite.All

  7. When you are done making your selections for application permissions, click Add permissions at the bottom of the page.

  8. View and verify the list of configured permissions and click Grant admin consent.

Step 3: Create client secret

Create an application secret key so the Identity Platform can connect to Azure AD. You will need to copy and paste this client secret into the connection settings when you add the Azure AD data store in the Identity Platform.

  1. From the left pane, click Certificates & secrets. Then, click New client secret.

  2. Add a description for the client secret and choose Never for the expiration.

  3. Click Add.

  4. Copy the client secret value now; it is masked after you leave the page and cannot be retrieved later.

  5. From the left pane for this app registration, click Authentication.

  6. In the Advanced settings section, select Yes.

Step 4: Get Azure AD connection settings

When you add an Azure AD data store in the Identity Platform, you will need to capture and provide the following information in the Identity Platform data store connection settings.

  • Azure Tenant Domain (for example, company.onmicrosoft.com)

  • Directory Tenant ID

  • Client ID

  • Client secret key (when you created a client secret key in the Azure portal, you should have copied this value)

Capture connection IDs in Azure portal

  1. Select Azure Active Directory.

  2. Select App registrations.

  3. From the list, click the application name link.

  4. Hover your mouse to the right of each ID value and select Copy to clipboard.
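As an added example (not part of this guide or of the Identity Platform's own code), the following Python checks the format of the settings captured in Step 4, builds the standard OAuth 2.0 client-credentials token request that an administrator can use to confirm the application permission grant from Step 2 works, and lists permissions in that grant that are already covered by a broader one. The sample values are constructed, and whether the Identity Platform itself uses this exact OAuth flow is an assumption.

```python
import re
import uuid
from urllib.parse import urlencode

# Connection settings as captured in Step 4. Constructed sample values, not a real tenant.
SETTINGS = {
    "tenant_domain": "company.onmicrosoft.com",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "<client-secret-copied-in-step-3>",  # placeholder; never store a real one here
}

# Application permissions selected in Step 2; Microsoft Graph ReadWrite.All permissions include Read.All.
APPLICATION_PERMISSIONS = [
    "Directory.Read.All", "Directory.ReadWrite.All", "Group.Create", "Group.Read.All",
    "Group.ReadWrite.All", "User.Read.All", "User.ReadWrite.All",
]
IMPLIED_BY = {"Directory.Read.All": "Directory.ReadWrite.All", "User.Read.All": "User.ReadWrite.All",
              "Group.Read.All": "Group.ReadWrite.All", "Group.Create": "Group.ReadWrite.All"}

def validate_settings(s):
    """Return the problems found in the captured settings (an empty list means they look usable)."""
    problems = []
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", s.get("tenant_domain", "").lower()):
        problems.append("tenant_domain should be a DNS name such as company.onmicrosoft.com")
    for key in ("tenant_id", "client_id"):
        try:
            uuid.UUID(s.get(key, ""))  # both IDs copied in Step 4 are GUIDs
        except ValueError:
            problems.append(f"{key} is not a valid GUID")
    if not s.get("client_secret"):
        problems.append("client_secret is empty; it must be copied before leaving the Azure page")
    return problems

def redundant_permissions(granted):
    """Permissions already covered by a broader permission in the same grant (least-privilege review)."""
    granted = set(granted)
    return sorted(p for p in granted if IMPLIED_BY.get(p) in granted)

def build_token_request(s):
    """URL and form body of the client-credentials request to Microsoft Graph; nothing is sent here."""
    url = f"https://login.microsoftonline.com/{s['tenant_id']}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": s["client_id"],
        "client_secret": s["client_secret"],
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    })
    return url, body
```

Pass the returned URL and body to any HTTP client as a POST with content type application/x-www-form-urlencoded; a token in the response confirms the tenant ID, client ID and secret match the registration.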

Next steps

Add Azure Active Directory data store