Registering an Azure AD app - Card Synchronization 3.4.0

Card Synchronization Plugin Guide 3.4.0

Applies to
Card Synchronization 3.4.0
Last updated
2023-04-17
Content type
Guides > Plugin and extension guides
Language
English
Product
Card Synchronization
Version
3.4

Before you can import entities from Azure Active Directory (AD) into Security Center, you need to register an application in Azure AD and grant it the required Microsoft Graph permissions.

Before you begin

To integrate your Azure Active Directory with the Card Synchronization plugin:
  • Ensure that you have an Azure account with an active subscription and an Azure AD tenant.
  • Ensure that you have administrator rights to your Azure tenant.
  • You must understand your organization's Azure Active Directory architecture.
  • You must consult with your organization's Azure specialist before proceeding.
    CAUTION:
    Azure is a Microsoft product. The steps below provide guidelines for configuring your existing Azure Active Directory for use with our Card Synchronization plugin. Incorrect configuration of Azure settings can disrupt the other Azure services in your organization. For this reason, it is a best practice to consult your organization's Azure specialist before proceeding.

What you should know

The application registration in Azure Active Directory provides the Client ID and Key (client secret), which are required to create the Azure AD data source in the plugin role.
NOTE: All images show sample data.

Procedure

  1. Go to the Azure portal at https://portal.azure.com/ and log in using your Office 365 user account.
  2. From the Home page, click Azure Active Directory.
  3. Register the Card Synchronization plugin as an app with the Microsoft identity platform.
    1. Register an app.
      NOTE: You do not need to add a redirect URI nor configure the platform settings.
    2. Add a client secret and record its value for later use in the Card Synchronization plugin role; the value is shown only once and cannot be retrieved after you leave this page. If the value is lost, create a new client secret on the same app registration and update the plugin role (you do not need to register a new app). Client secrets expire on the date you choose when creating them; when the secret expires, synchronization stops until you create a new secret and update the plugin role, so record the expiry date and plan the rotation.
  4. Configure an application to expose the plugin's web API.
  5. Add the following API permissions to the app. All four are Microsoft Graph application permissions (not delegated permissions). They are tenant-wide read permissions: anyone holding the app's Client ID and secret can read every user, group and application in the directory, so protect the secret accordingly.
    • Microsoft Graph:
      • Application.Read.All (Application)
      • Directory.Read.All (Application)
      • User.Export.All (Application)
      • User.Read.All (Application)
    IMPORTANT: If you have updated your Card Synchronization plugin from an earlier version, be aware that the required permissions changed in Card Synchronization plugin 3.2. Verify that your app has exactly the permissions listed above to make sure the plugin works properly.
    The Azure Permissions screen.
  6. Click Grant admin consent for [YourApp].
    NOTE: Application permissions require admin consent. Until it is granted, the plugin cannot access Azure AD.

    Granting permissions.
  7. On the screen that opens, click OK.
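The same registration can be scripted with the Microsoft Graph PowerShell SDK, which also lets you verify the granted permissions after an upgrade (steps 3 to 7 above). The script below is an added example and is not part of the Card Synchronization guide or the plugin; it assumes the Microsoft.Graph module is installed, that the signed-in user can create applications and grant admin consent, and that the display name and secret lifetime are your own choices. Permission IDs are resolved from the tenant's Microsoft Graph service principal by name rather than hard-coded.

```powershell
# Added example (not from the Card Synchronization guide): register the plugin
# app, add a client secret, grant admin consent, and verify the grants.
# Assumptions: Microsoft.Graph module installed; caller can create apps and
# grant consent; $AppDisplayName and $SecretLifetimeMonths are illustrative.
#Requires -Modules Microsoft.Graph.Applications

$AppDisplayName       = 'Card Synchronization Plugin'          # assumed name
$SecretLifetimeMonths = 12                                     # assumed lifetime
$GraphAppId           = '00000003-0000-0000-c000-000000000000' # Microsoft Graph (well-known)
$RequiredRoles        = @('Application.Read.All', 'Directory.Read.All',
                          'User.Export.All', 'User.Read.All')

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All' | Out-Null

# Map each permission name to its application appRole ID on the Graph service
# principal in this tenant. Fails early if a name is misspelled or not exposed.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
$roleIds = foreach ($name in $RequiredRoles) {
    $role = $graphSp.AppRoles |
        Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Application permission '$name' not found on Microsoft Graph" }
    $role.Id
}

# Step 3.1: register the app. No redirect URI or platform settings are needed.
$app = New-MgApplication -DisplayName $AppDisplayName -SignInAudience 'AzureADMyOrg' `
    -RequiredResourceAccess @(@{
        ResourceAppId  = $GraphAppId
        ResourceAccess = @($roleIds | ForEach-Object { @{ Id = $_; Type = 'Role' } })
    })

# Step 3.2: add a client secret. SecretText is returned only once; a bounded
# lifetime forces planned rotation before synchronization stops.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = 'Card Synchronization'
    EndDateTime = (Get-Date).AddMonths($SecretLifetimeMonths)
}

# Steps 5 to 7: create the service principal and grant admin consent by
# assigning each required Graph app role to it.
$sp = New-MgServicePrincipal -AppId $app.AppId
foreach ($id in $roleIds) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id `
        -PrincipalId $sp.Id -ResourceId $graphSp.Id -AppRoleId $id | Out-Null
}

# Verification: consented roles must equal the required set exactly, which
# catches both missing grants and stale ones left over from older versions.
$granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    ForEach-Object { $id = $_.AppRoleId; ($graphSp.AppRoles | Where-Object Id -eq $id).Value }
$missing = $RequiredRoles | Where-Object { $_ -notin $granted }
$extra   = $granted       | Where-Object { $_ -notin $RequiredRoles }
if ($missing -or $extra) {
    throw "Permission mismatch. Missing: $($missing -join ', ') Extra: $($extra -join ', ')"
}

# Values the plugin role's Azure AD data source needs. Store the secret in the
# plugin (or a vault), never in scripts or logs.
[pscustomobject]@{
    ClientId      = $app.AppId            # "Client ID" in the data source
    TenantId      = (Get-MgContext).TenantId
    SecretExpires = $secret.EndDateTime
    ClientSecret  = $secret.SecretText    # "Key" in the data source
}
```

The verification block can be rerun on its own against an existing service principal after an upgrade to confirm that the grants match the list above; a non-empty Extra set indicates permissions from an earlier plugin version that should be removed, and a non-empty Missing set means admin consent has not been granted for everything the plugin needs.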

Results

Your Azure data source is ready for synchronization with the plugin.