Registering an Entra ID app - Card Synchronization 4.0.0

Synergis™ Card Synchronization Plugin Guide 4.0.0

Product: Card Synchronization
Content type: Guides > Plugin and extension guides
Version: 4.0
Release: 4.0.0
Language: English
Last updated: 2024-02-28

Before you can import entities from Microsoft Entra ID into Security Center, you need to register an application and give it the required permissions.

Before you begin

To integrate your Microsoft Entra ID with the Synergis™ Card Synchronization plugin:
  • Ensure that you have a Microsoft Entra account with an active subscription and an Entra ID tenant.
  • Ensure that you have administrator rights to your Entra ID tenant.
  • You must understand your organization's Entra ID architecture.
  • You must consult with your organization's Entra ID specialist before proceeding.
    CAUTION:
    Entra ID is a Microsoft product. The steps below provide guidelines for configuring your existing Microsoft Entra ID for use with our Card Synchronization plugin. Incorrect configuration of Entra ID settings can disrupt the other Entra ID services in your organization. For this reason, it is a best practice to consult your organization's Entra ID specialist before proceeding.
IMPORTANT: Content in this guide that references information found on third-party websites was accurate at the time of publication. However, this information is subject to change without prior notice from Genetec Inc.

What you should know

The application registration in Microsoft Entra ID provides the Client ID and Key, which are required to create the Entra ID data source in the plugin role.
NOTE: All images show sample data.

Procedure

  1. Go to the Azure portal and log in using your Office365 user account.
  2. From the homepage, click Azure Active Directory.
  3. Register the Card Synchronization plugin as an app with the Microsoft identity platform.
    1. Register an app.
      NOTE: You do not need to add a redirect URI or configure the platform settings.
    2. Add a client secret and record the secret's value for later use in the Card Synchronization plugin role. The secret is never displayed again after you leave this page. If the secret key is lost, you need to create a new client app and secret key.
  4. Configure an application to expose the plugin's web API.
  5. Grant read permissions to the web API as follows:
    • Microsoft Graph:
      • Application.Read.All (Application)
      • Group.Read.All (Application)
      • User.Read.All (Application)
    IMPORTANT: These privileges have changed since Card Synchronization plugin 3.2. If you have updated your Card Synchronization plugin from an earlier version, verify your privileges to make sure the plugin works properly.
    Figure: The Azure Permissions screen.
  6. Click Grant admin consent for [YourApp].
    NOTE: You must grant admin consent for your app to get Entra ID access.

    Figure: Granting permissions.
  7. On the screen that opens, click OK.

Results

Your Azure data source is ready for synchronization with the plugin.
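
One way to confirm the outcome of steps 5 and 6 is to inspect the `roles` claim of an app-only access token issued to the registered app for Microsoft Graph and compare it with the three permissions listed above. The following is an added example, not part of the Genetec guide or the plugin. The function names are hypothetical, the sample tokens are constructed and unsigned, and the check reads the token payload for diagnostics only without verifying its signature.

```python
import base64
import json

# Application permissions the procedure above grants on Microsoft Graph.
REQUIRED_ROLES = {"Application.Read.All", "Group.Read.All", "User.Read.All"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token: str) -> set:
    """Return the 'roles' claim of an app-only token (payload is NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(claims.get("roles", []))


def audit_roles(access_token: str) -> dict:
    """Compare the granted roles with the three permissions the guide lists."""
    granted = token_roles(access_token)
    return {
        "missing": sorted(REQUIRED_ROLES - granted),  # not added, or admin consent not granted
        "excess": sorted(granted - REQUIRED_ROLES),   # broader than the guide asks for
        "ok": granted == REQUIRED_ROLES,
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token for the demo (not a real Entra token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed samples: a matching grant, and one missing a role while carrying a write permission.
    good = make_sample_token(["User.Read.All", "Group.Read.All", "Application.Read.All"])
    bad = make_sample_token(["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"])
    print(audit_roles(good))
    print(audit_roles(bad))
```

A non-empty `missing` list usually means a permission was not added or admin consent was not granted; a non-empty `excess` list means the registration holds more Graph access than the plugin needs for read-only synchronization.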