Registering an Azure AD app - Card Synchronization 3.2

Card Synchronization Plugin Guide 3.2

Product: Card Synchronization
Content type: Guides > Plugin and extension guides
Version: 3.2
Language: English
Last updated: 2023-04-17

Before you can import entities from Azure Active Directory (AD) into Security Center, you need to register an application and give it the required permissions.

Before you begin

  • An Azure account with an active subscription.
  • An Azure AD tenant.
  • You must have administrator rights to your Azure tenant.
  • You must understand your organization's Azure Active Directory architecture.
  • Consult with your organization's Azure specialist before proceeding.
    CAUTION:
    Azure is a Microsoft product. The steps below provide guidelines for configuring your existing Azure Active Directory for use with our Card Synchronization plugin. Incorrect configuration of Azure settings can disrupt the other Azure services in your organization. For this reason, it is a best practice to consult your organization's Azure specialist before proceeding further.

What you should know

The application registration in Azure Active Directory provides the Client ID and Key, which are required to create the Azure AD data source in the plugin role.
NOTE: All images show sample data.

Procedure

  1. Go to the Azure portal at https://portal.azure.com/ and log in using your Office 365 user account.
  2. From the Home page, click Azure Active Directory.
  3. Register the Card Synchronization plugin as an app with the Microsoft identity platform.
    1. Register an app.
      NOTE: You do not need to add a redirect URI nor configure the platform settings.
    2. Add a client secret and record its value for later use in the Card Synchronization plugin role; the secret is never displayed again after you leave this page. If the secret key is lost, you need to create a new client app and secret key.
  4. Configure an application to expose the plugin's web API.
  5. Grant read permissions to the web API as follows:
    • Microsoft Graph:
      • Application.Read.All (Application)
      • Directory.Read.All (Application)
      • User.Export.All (Application)
      • User.Read.All (Application)
    • Office 365 Exchange Online: User.Read.All (Application)
    The Azure Permissions screen.
  6. To add Azure Active Directory Graph permissions:
    1. Click Manifest.
      The Manifest screen.
    2. In the Required resources field, add the following code:
      {
          "resourceAppId": "00000002-0000-0000-c000-000000000000",
          "resourceAccess": [
              {
                  "id": "c582532d-9d9e-43bd-a97c-2667a28ce295",
                  "type": "Scope"
              },
              {
                  "id": "5778995a-e1bf-45b8-affa-663a9f3f4d04",
                  "type": "Role"
              }
          ]
      },
    The Manifest screen with the added code block.
    3. Click Save.
  7. Click Grant admin consent for [YourApp].

    Granting permissions.
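As an added example (not part of this guide and not the plugin's own code), the following Python merges the block from step 6 into an exported manifest without creating duplicates, and audits the result for resources the plugin has no reason to access before you click Grant admin consent. The Microsoft Graph resource id is a well-known value not stated in the guide, and the sample manifest is constructed with placeholder ids.

```python
from copy import deepcopy

AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"  # from the guide's snippet
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"   # well-known; not in the guide

# The object the guide instructs you to add to the manifest's required resources.
AAD_GRAPH_ENTRY = {
    "resourceAppId": AAD_GRAPH_APP_ID,
    "resourceAccess": [
        {"id": "c582532d-9d9e-43bd-a97c-2667a28ce295", "type": "Scope"},
        {"id": "5778995a-e1bf-45b8-affa-663a9f3f4d04", "type": "Role"},
    ],
}
# Constructed stand-in for an exported manifest; the permission id is a placeholder.
SAMPLE_MANIFEST = {
    "appId": "PLACEHOLDER-APP-ID",
    "requiredResourceAccess": [
        {"resourceAppId": MS_GRAPH_APP_ID,
         "resourceAccess": [{"id": "PLACEHOLDER-PERMISSION-ID", "type": "Role"}]},
    ],
}

def add_required_resource(manifest: dict, entry: dict) -> dict:
    """Copy of manifest with entry merged into requiredResourceAccess. Idempotent: an
    existing entry for the same resourceAppId only gains the (id, type) pairs it lacks."""
    result = deepcopy(manifest)
    resources = result.setdefault("requiredResourceAccess", [])
    for res in resources:
        if res.get("resourceAppId") == entry["resourceAppId"]:
            have = {(a["id"], a["type"]) for a in res.setdefault("resourceAccess", [])}
            res["resourceAccess"] += [dict(a) for a in entry["resourceAccess"]
                                      if (a["id"], a["type"]) not in have]
            return result
    resources.append(deepcopy(entry))
    return result

def audit_required_resources(manifest: dict, allowed_apps: set) -> list:
    """Problems to fix before granting admin consent: resources outside the
    allowed set (least privilege) and duplicate resource entries."""
    findings, seen = [], set()
    for res in manifest.get("requiredResourceAccess", []):
        app = res.get("resourceAppId")
        if app in seen:
            findings.append(f"duplicate entry for resource {app}")
        seen.add(app)
        if app not in allowed_apps:
            findings.append(f"unexpected resource {app}")
    return findings
```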

Results

You now have an Azure data source to synchronize with the Card Synchronization plugin.