Microsoft Graph API Connection Configuration

To integrate with Microsoft Entra ID (previously Azure AD), an application must be registered with an Entra ID tenant. Once you register the application, you can fill in the Application ID, Directory (tenant) ID, and Application Secret values for the Entra ID Connection Configuration.

You will need help from the Azure Admin in your organization for the following configuration.

  1. Log in to the Azure Portal (portal.azure.com).

  2. Select Microsoft Entra ID.

  3. Click "Add", then choose "App registration" from the options.

  4. Enter the Name, then click "Register".

  5. After registration, go to Overview:

  • Copy Application (Client) ID.

  • Copy Directory (Tenant) ID.

To generate an Application Secret:

  • Navigate to "Add a certificate or secret".

  • Click New Client Secret → Set expiration → Copy the generated secret.

  6. Enter the description, e.g. "Azure AD Importer for JSM Assets", choose the desired expiration date, and click "Add".

  7. Copy the "Value" of the newly created client secret.

Important: Ensure you copy the Value, not the Secret ID. The Value is required for authentication and will be hidden once you leave the page.

  8. Select the "API Permissions" menu on the left side, then click "Add a permission".

  9. Select "Microsoft Graph" and add Directory.Read.All for the "Application" type.

Pro Tip:

To grant the minimum permissions, use:

  • User.Read.All

  • GroupMember.Read.All

If your environment has nested groups, where a parent group has sufficient access but a child group does not, you may encounter permission errors. In that case, use:

  • User.Read.All

  • Group.Read.All

  10. Ask your Azure Admin to provide consent for the required permission. The settings should be as follows:

  • Permission: Directory.Read.All

  • Type: Application

  • Admin Consent Requested: Yes

  • Status: Granted for <your organization>

See the example screenshot below:

This step is crucial, as we frequently receive customer tickets related to permission errors. The most common mistake Azure Admins make is selecting "Delegated" (the default) instead of "Application" as the permission type.

  11. Fill in the required fields under Azure Connection Settings in the Source tab of Azure AD Importer for JSM Assets. Then, click "Save & Check Connection" to confirm the configuration is successful.

  12. (Optional) You can apply filters for Users and Groups to reduce the number of imported records and focus on relevant data. For more details, visit: Filter

  13. Next, configure the Destination settings.
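
To troubleshoot the permission errors described in step 10 (a permission added as "Delegated" instead of "Application", or admin consent not granted), the following added example, which is not part of the importer or of this page's original content, inspects the access token issued to the registered application. It assumes the standard Entra ID v2.0 client-credentials token endpoint and that application permissions appear in the token's `roles` claim; the function names are hypothetical and the sample tokens are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Permission sets named on this page; any one of them is sufficient.
ACCEPTED_SETS = [
    {"Directory.Read.All"},
    {"User.Read.All", "GroupMember.Read.All"},
    {"User.Read.All", "Group.Read.All"},
]


def fetch_app_token(tenant_id, client_id, client_secret):
    """Request an app-only token with the values copied in steps 5 and 7."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_permissions(access_token):
    """Return (ok, message): does the token carry one of the accepted sets?"""
    roles = set(token_claims(access_token).get("roles", []))
    if any(required <= roles for required in ACCEPTED_SETS):
        return True, "granted application permissions: " + ", ".join(sorted(roles))
    if not roles:
        return False, "no 'roles' claim: permission is Delegated or consent is missing"
    return False, "insufficient application permissions: " + ", ".join(sorted(roles))


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for offline demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])
```

Call `check_app_permissions(fetch_app_token(tenant_id, client_id, client_secret))` with the real values; the access token is a credential, so keep it out of tickets and logs.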
