...

Microsoft Graph API Connection Configuration

To integrate with Microsoft Entra ID (previously Azure AD), an application must be registered in your Microsoft Entra ID tenant. Once the application is registered, you can fill in the Application ID, Directory (tenant) ID, and Application Secret values in the Azure Entra ID Connection Configuration.

...

1- Log in to the Azure Portal (portal.azure.com).

2- Select Microsoft Entra ID.

3- Click “Add” and select “App registration”.

4- Add the “Name” and click the “Register” button.


5- Note down “Application (client) ID” and “Directory (tenant) ID” and click “Add a certificate or a secret” on the right side.


6- Add the description “Azure AD Importer for JSM Assets”, set the expiration date as you wish, and click the “Add” button below.


7- Copy the “Value” of the new client secret.


8- Select the “API Permissions” menu on the left side and click “Add a permission”.


9- Select “Microsoft Graph” and add Directory.Read.All with the “Application” permission type.

Info

Pro Tip: If you want to grant the minimum permissions, you can use the following instead:

User.Read.All and GroupMember.Read.All

If your environment has nested groups, where a parent group (a group that has other groups as members) is readable by the application but a child group (a group that is a member of another group) is not, access to both the child and the parent group fails and you may get a permission error for those groups. In that case, use the following permissions instead:

User.Read.All and Group.Read.All


10- Make sure your Azure admin grants admin consent for the permission.

...

After consent is granted, the API permissions screen should show the following:

Permission: Directory.Read.All

Type: Application

Admin consent requested: Yes

Status: Granted for <your definition>

An example screenshot is provided below:

Note

This step is important: we receive support tickets from customers about permission errors, and the most common mistake made by Azure admins is leaving the permission type as “Delegated” (the default) instead of selecting “Application”.

11- Fill in the appropriate fields of the Azure Connection Settings in the Configuration tab of Azure AD Importer for JSM Assets. Click “Save & Check Connection” to verify that the configuration works.
Note

We have had customers enter the Secret ID instead of the Secret Value. Make sure you use the client secret Value; otherwise, you may get an error like the one below:

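As an added example (not part of the importer or this page), the following Python script checks steps 9 to 11 from the command line: it requests a client-credentials token with the tenant ID, client ID and secret Value, then inspects the token's `roles` claim to confirm that one of the permission sets above was granted as an Application permission with admin consent. `build_sample_token` and the sample claims are constructed for offline testing only.

```python
import base64
import json
import urllib.parse
import urllib.request

# Either set satisfies the importer: Directory.Read.All, or a least-privilege pair.
ACCEPTED_ROLE_SETS = (
    {"Directory.Read.All"},
    {"User.Read.All", "GroupMember.Read.All"},
    {"User.Read.All", "Group.Read.All"},
)

def request_app_token(tenant_id, client_id, client_secret):
    """Client-credentials flow on the v2.0 endpoint; returns the access token.
    A 401 invalid_client here is the usual sign of pasting the Secret ID
    instead of the secret Value."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Return the `roles` claim (application permissions with admin consent).
    Signature is not verified: we only inspect a token issued to ourselves."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def check_app_token(access_token):
    """Return (ok, message). An absent `roles` claim usually means the permission
    was added as Delegated (the default) instead of Application, or no consent."""
    if access_token.count(".") != 2:
        return False, "not a JWT"
    roles = token_roles(access_token)
    if not roles:
        return False, "no consented application permissions in token"
    if any(required <= roles for required in ACCEPTED_ROLE_SETS):
        return True, "ok: " + ", ".join(sorted(roles))
    return False, "insufficient roles: " + ", ".join(sorted(roles))

def build_sample_token(claims):
    """Constructed, unsigned JWT-shaped string for offline testing only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.signature"
```

Run `check_app_token(request_app_token(tenant_id, client_id, secret_value))` with your real values to see which of the permission sets the tenant has actually consented to.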

12- Optionally, you can set filters for the Users and Groups. This way you can reduce the number of records you import and focus only on the relevant data. For more details: Filter

13- Now configure the Destination.