Introduction
This feature allows for a seamless integration between Enterprise+ and Azure Active Directory, providing a new way to download and create users in Enterprise+ automatically.
This feature can also be used to create or update accounts.
- Fields: UserName, FirstName, LastName and email.
Settings in Azure Active Directory
At this time, the Genius development team must configure some information from Azure Active Directory manually, but in the future, the user will be able to configure this themselves.
For Azure Active Directory, the Genius team needs 4 pieces of information to enable the feature:
1. Tenant Id
In Azure Active Directory (Azure AD), the Tenant ID, also known as the Directory ID, is a unique identifier for a specific Azure AD tenant. An Azure AD tenant represents an organization or a single instance of Azure AD, and it's created when the organization first signs up for Azure.
To get this information, you should follow these steps in Azure Active Directory:
- Open the Azure Portal (https://portal.azure.com).
- Go to the Azure Active Directory Resource.
- Copy the Tenant ID value.
2. Client Id (also known as Application ID)
The Client ID is a unique identifier assigned to an application when it is registered in Azure AD. It serves to identify the application when it interacts with Azure AD. The Client ID is often used as part of the authentication process to identify the application making the request.
To get this information, you should follow these steps in Azure Active Directory:
- Open the Azure Portal (https://portal.azure.com).
- Go to the Azure Active Directory Resource.
- In the left menu, go to the menu “App Registrations”.
- Create a new registration.
- Copy the Application (Client) ID.
3. Client Secret (also known as Application Secret or Client Key)
The Client Secret is a secure string that acts as a password or key for the application. It is used to authenticate the application when making requests to Azure AD or accessing protected resources. The Client Secret is generated during the application registration process and is kept confidential to ensure the security of the application.
To get this information, you should follow these steps in Azure Active Directory:
- Open the Azure Portal (https://portal.azure.com).
- Go to the Azure Active Directory Resource.
- In the left menu, go to the menu “App Registrations”.
- Select the App created in the step above.
- Open the link in the Client credentials.
- Go to the tab Client Secrets.
- Add new secret.
4. Allowed Domains
We can filter users attempting to access Azure Active Directory.
For example, a client might not want to import users whose domain contains “@hotmail.com”. So, this property will filter those users from the job that will accept the users.
Example: “@hotmail.com,@gmail.com”
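The following is an added example, not Enterprise+ code. It shows how a comma-separated domain list in the format above can be evaluated against user records, using whole-domain comparison so that a lookalike address is not matched by accident. The helper names, the mapping of Microsoft Graph properties to the four fields and the sample users are assumptions made for illustration. Whether the job imports the listed or the unlisted group is decided by Enterprise+, not by this example.

```python
# Added illustration: helper names and sample data are constructed, not product code.

def parse_domain_list(raw):
    """Parse a value such as "@hotmail.com,@gmail.com" into a set of lower-case domains."""
    domains = set()
    for item in raw.split(","):
        item = item.strip().lower().lstrip("@")
        if item:  # ignore empty entries left by stray commas
            domains.add(item)
    return domains

def to_record(graph_user):
    """Map Microsoft Graph user properties to the page's four fields (assumed mapping)."""
    upn = graph_user.get("userPrincipalName") or ""
    return {
        "UserName": upn,
        "FirstName": graph_user.get("givenName") or "",
        "LastName": graph_user.get("surname") or "",
        # Accounts without a mailbox have no "mail"; fall back to the UPN.
        "email": graph_user.get("mail") or upn,
    }

def split_by_domain(graph_users, raw_domain_list):
    """Return (listed, unlisted): records whose email domain is / is not in the list."""
    domains = parse_domain_list(raw_domain_list)
    listed, unlisted = [], []
    for user in graph_users:
        record = to_record(user)
        # Compare the whole domain after the last "@". A substring test would
        # also match an address such as "someone@hotmail.com.example.org".
        domain = record["email"].rpartition("@")[2].lower()
        (listed if domain in domains else unlisted).append(record)
    return listed, unlisted

SAMPLE_USERS = [  # constructed records shaped like Microsoft Graph user objects
    {"userPrincipalName": "ana@contoso.example", "givenName": "Ana",
     "surname": "Silva", "mail": "ana@contoso.example"},
    {"userPrincipalName": "bob_hotmail.com#EXT#@contoso.example", "givenName": "Bob",
     "surname": "Lee", "mail": "Bob@Hotmail.com"},
    {"userPrincipalName": "eve@contoso.example", "givenName": "Eve",
     "surname": "Ng", "mail": "eve@hotmail.com.example.org"},
    {"userPrincipalName": "svc@contoso.example", "givenName": None,
     "surname": None, "mail": None},
]

if __name__ == "__main__":
    listed, unlisted = split_by_domain(SAMPLE_USERS, "@hotmail.com,@gmail.com")
    print("listed:", [r["email"] for r in listed])
    print("unlisted:", [r["email"] for r in unlisted])
```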
Configure Application Permissions
- Still in the Azure Portal, in the left navigation pane, click on "Azure Active Directory".
- Click on "Permissions explorer" to configure the necessary permissions for the application.
- Select "Other category" and search for "Microsoft Graph".
- Select "Microsoft Graph" from the results and then select the appropriate permissions for your application. For example, you can select "Directory.Read.All" to read directory information.
- Click on "Add permissions" to save the changes.
How to Configure in Enterprise+
Client Settings
At this time, the developer team should receive these 4 pieces of information from the Client, and they will be added to the job configuration manually.
Job Configuration
After this information is added by the developer, the client needs to go to the Admin Tab and open the Edit Jobs page. Here it will be possible to create/edit the job “ActiveDirectory.Azure.StartFunction” to be scheduled as needed.