Edit

Azure AD

Overview

This document describes a brief overview of the functionality and the requirements of AzureAD Oauth connector.

Setup

  1. In your Microsoft Azure UI, navigate to the Azure Active Directory service.

  2. In App registrations, create a new app.

Create a New Azure AD Application

  1. From there copy the following information.

    1. Client Id:

Client ID

b. Tenant ID:

Tenant ID

  1. From the Endpoints copy the following:

OAuth 2.0 authorization endpoint (v2) & OAuth 2.0 token endpoint (v2)

  1. You will also need a Client Secret. To get it, open the Certificates & Secrets page and click New Client Secret:

New Client Secret

  1. Copy the generated value:

  2. Finally, you will need to set the redirect URL. Click on the redirect URLs:

Choose the Redirect URL

  1. And add the redirect url:

Set the Redirect URL

https://<tenantId>.login.aisera.cloud/?id=aisera.oauth.oauthCommand where instead of <tenantId> you will insert your company's tenant id, that you received from your Aisera team.

  1. Assign the API permission.

Assign API Permissions/Token

  1. Click Add permissions and select Microsoft Graph in the API permissions screen.

Set API Read/Write Permissions

Create the Azure Integration:

  1. In the Aisera Admin UI, navigate to Settings > Integration > New Integration.

  2. Search for and select Azure Active Directory.

  3. Click Next.

Choose Azure Active Directory

  1. Enter the configuration details:

    1. Name - Enter a Name for the Integration.

    2. Endpoint - Enter the of your Azure AD application.

    3. Public - Determines whether the integration can be used outside the firewall.

    4. Description - Enter the description (Optional).

Configuration Details - Step 2

  1. Enter the Authentication Details:

    1. Authorization URL - Value from the OAuth 2.0 authorization endpoint (v2) and append the scope parameter: Example: Add the following command after the tenant URL, within the Administration URL field. ?scope=offline_access%20Device.Read.All%20Device.Command The scopes chosen in the example above are:

      1. offline_access (you should always add this scope)

      2. Device.Read.All Device.Command separated with space (encoded as %20). You may choose any additional permission/scope you want depending on your use case.

    2. Client ID - You will insert the value you copied on step 1a).

    3. Client Secret- Insert the value from step 2.

    4. Access Token URL - Add the OAuth 2.0 token endpoint (v2) that you created previously.

Integration Configuration Step 3

  1. Click OK and you will be prompted to authorize:

Have the Aisera Service User who is authorized to log into the customer's data source to finalize the authorization procedure.

Use Query Scripts in Azure AD Data Source Configuration

The Azure AD Connector supports arbitrary query parameters, specifically the select and expand parameters, for API calls within the Custom Query field of the Data Source Configuration window in the Aisera Admin UI.

This allows you to define arbitrary query parameters for each content type (such as User or UserProfile) separately.

{
  "User": {
    "$select": "id, name, country",
    "$expand": "transitiveMemberOf"
  },
  "UserProfile": {
    "$select": "id, name, country",
    "$expand": "transitiveMemberOf"
  }
}

Arbitrary query parameters are values that are not explicitly defined or expected in the API's specification. These parameters provide you with greater flexibility and control over the data retrieved from Azure AD.

You can specify your own values for both $expand and $select, to enable more tailored and efficient data synchronization.

User Privileges required or Oauth Authorization

For delegated scenarios where an admin is acting on another user, the admin needs one of the following Azure AD roles:

  • Global Administrator

  • Privileged Authentication Administrator

  • Authentication Administrator

PreviousSetting Up AWS Connect with AiseraNextActive Directory Connector

Last updated

Was this helpful?