Azure Active Directory Integration

Introduction

This document is a guide for integrating Azure Active Directory users into InfoShield.

Azure Integration Requirements

The integration needs the four values below. To collect them you must hold the Application Administrator, Application Developer, or Cloud Application Administrator role in Azure AD:

  • Application (client) ID
  • Application Key (the client secret; this is a confidential value, so store it in a secret store and hand it over only through a channel intended for secrets)
  • Azure AD Tenant ID
  • OneDrive for Business URL

Flowchart Azure Integration

InfoShield integrates with Office 365 in two ways: it syncs users through the Microsoft Graph API (Figure 1) and authenticates those users with OpenID Connect (Figure 2). The sync runs with the app's own identity (application permissions plus the client secret); sign-in runs in the user's browser against the Azure AD authorization endpoint and returns an ID token to InfoShield.

Figure 1: Sync users

Figure 2: Authenticate users
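The following is an added example of the sync leg in Figure 1; it is not InfoShield's or Cerebra's own code. It obtains an app-only token with the OAuth 2.0 client-credentials grant (the `.default` scope covers the application permissions admin-consented later in this guide) and pages through Microsoft Graph `/users` following `@odata.nextLink`. The HTTP calls are injected so the same logic also runs offline against the constructed sample responses at the bottom; the filter on empty surnames follows the "Fetch Azure users without service accounts" note on this site, and the tenant, client and secret placeholders are assumptions.

```python
# Added example, not InfoShield's or Cerebra's own code.
# Sync leg of Figure 1: obtain an app-only token with the OAuth 2.0
# client-credentials grant, then page through Microsoft Graph /users.
# HTTP calls are injected so the logic can also run offline against
# the constructed sample responses at the bottom.
import json
import urllib.parse
import urllib.request
from typing import Callable, List, Optional, Tuple

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
USERS_URL = (
    "https://graph.microsoft.com/v1.0/users"
    "?$select=id,userPrincipalName,displayName,givenName,surname,accountEnabled"
    "&$top=999"
)


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> Tuple[str, bytes]:
    """Client-credentials request. The .default scope asks for all application
    permissions that were admin-consented on the app (User.Read.All and
    Directory.Read.All in this guide)."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    return TOKEN_URL.format(tenant=tenant_id), body


def post_form(url: str, body: bytes) -> dict:
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_json(url: str, token: str) -> dict:
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_users_page(page: dict) -> Tuple[List[dict], Optional[str]]:
    """Graph returns at most $top users per page plus @odata.nextLink while
    more remain; stopping after the first page silently loses users."""
    return page.get("value", []), page.get("@odata.nextLink")


def is_syncable(user: dict) -> bool:
    """Skip disabled accounts and accounts with an empty surname (meeting
    rooms, service accounts), as the 'Fetch Azure users without service
    accounts' article on this site recommends."""
    return bool(user.get("accountEnabled")) and bool((user.get("surname") or "").strip())


def sync_users(tenant_id: str, client_id: str, client_secret: str,
               post: Callable[[str, bytes], dict] = post_form,
               get: Callable[[str, str], dict] = get_json) -> List[dict]:
    url, body = build_token_request(tenant_id, client_id, client_secret)
    token = post(url, body)["access_token"]
    users: List[dict] = []
    next_url: Optional[str] = USERS_URL
    while next_url:
        batch, next_url = parse_users_page(get(next_url, token))
        users.extend(u for u in batch if is_syncable(u))
    return users


# Constructed sample responses (not real tenant data) so the block runs offline.
SAMPLE_TOKEN = {"token_type": "Bearer", "expires_in": 3599, "access_token": "sample-token"}
SAMPLE_PAGES = {
    USERS_URL: {
        "value": [
            {"id": "1", "userPrincipalName": "alice@contoso.example", "surname": "Adams", "accountEnabled": True},
            {"id": "2", "userPrincipalName": "room-101@contoso.example", "surname": "", "accountEnabled": True},
        ],
        "@odata.nextLink": USERS_URL + "&$skiptoken=page2",
    },
    USERS_URL + "&$skiptoken=page2": {
        "value": [
            {"id": "3", "userPrincipalName": "bob@contoso.example", "surname": "Baker", "accountEnabled": True},
            {"id": "4", "userPrincipalName": "carol@contoso.example", "surname": "Clark", "accountEnabled": False},
        ]
    },
}


def fake_post(url: str, body: bytes) -> dict:
    assert url.endswith("/oauth2/v2.0/token") and b"grant_type=client_credentials" in body
    return SAMPLE_TOKEN


def fake_get(url: str, token: str) -> dict:
    assert token == SAMPLE_TOKEN["access_token"]
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    for u in sync_users("<tenant-id>", "<client-id>", "<client-secret>", post=fake_post, get=fake_get):
        print(u["userPrincipalName"])
```

With the real `post_form`/`get_json` defaults the same call runs against the tenant; the token is short-lived (about an hour) and should be requested per sync run rather than cached on disk.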

Get started

To integrate with Office 365, you have to create an app registration in Azure AD, grant it the required permissions, and create a client secret. The permissions listed below are only those needed to sync users, because the sync is the only part of the integration that calls Microsoft Graph. Log in to the Azure portal at https://portal.azure.com/, then click Azure Active Directory in the portal menu or search for it.

Find Tenant ID

Open Azure Active Directory. The Tenant ID is shown on the Overview page; copy it.


Create Azure AD App

  1. To create an app, log in to the Azure portal: https://portal.azure.com/.
  2. In the search bar, type Active Directory. Then, on the left navbar, click App registrations, and click New registration to create a new app registration.

    (Note: You will need the Application Administrator, Application Developer, or Cloud Application Administrator role.)
  3. Enter a name and, for the Web platform, the redirect URI. (IMPORTANT! This must be the URL of your InfoShield instance with "/auth/iomadoidc/" appended, e.g. https://test.infoshield.sa/auth/iomadoidc/.)
    (Note: Replace test with your own subdomain, e.g. https://x.infoshield.sa/auth/iomadoidc/. Azure AD compares the redirect URI exactly, so keep the https scheme and the trailing slash; a mismatch makes sign-in fail with a redirect URI mismatch error.)


Get Application (Client) ID

On the left navbar, click Overview. Then copy the Application (client) ID. This value is not secret, but it must match exactly; copy it rather than retyping it.

Configure the API permissions

After registering the app, go to API permissions and click Add a permission. Choose Microsoft Graph, then Application permissions, and search for and select the following permissions:

  • User.Read.All
  • Directory.Read.All

These are application (app-only) permissions: they let the app read every user and directory object in the tenant without a signed-in user, using nothing but the client secret. Protect the secret accordingly.

After adding the permissions, admin consent is required. Click Grant admin consent for <your tenant>; the Status column should then show Granted for both permissions. Until consent is granted, token requests for these permissions fail.



Configure the Authentication

Because the same app is also used for sign-in, go to Authentication. Under "Select the tokens you would like to be issued by the authorization endpoint" (Azure AD lists this under Implicit grant and hybrid flows), tick both Access tokens and ID tokens, then click Save. The ID token is what InfoShield receives at the /auth/iomadoidc/ redirect URI to identify the signed-in user.

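The following is an added example of the sign-in leg in Figure 2; it is not InfoShield's or Cerebra's own code. It builds the OpenID Connect authorization request that the ID tokens setting makes possible and then applies the checks a relying party must make on the returned ID token's claims (issuer and tenant, audience, nonce, validity window) plus the state check on the callback. It assumes the Azure AD v2.0 endpoints, `response_type=id_token` with `response_mode=form_post`, the redirect URI format from this guide, and placeholder tenant and client IDs. Signature verification against the tenant's JWKS (`JWKS_URL`) is also required and is left to a JOSE library; `verify_signature` is a hypothetical caller-supplied hook for it.

```python
# Added example, not InfoShield's or Cerebra's own code.
# Sign-in leg of Figure 2: build the OpenID Connect authorization request that
# the 'ID tokens' setting enables, then apply the relying-party checks on the
# returned ID token's claims. Assumes the Azure AD v2.0 endpoints and the
# redirect URI format from this guide. Signature verification against the
# tenant's JWKS (JWKS_URL) is also required and is left to a JOSE library.
import secrets
import time
import urllib.parse
from typing import Callable, Optional, Tuple

AUTHORIZE_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"
JWKS_URL = "https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys"


def build_authorize_request(tenant_id: str, client_id: str, redirect_uri: str) -> Tuple[str, str, str]:
    """Returns (url, state, nonce). state ties the callback to this browser
    session; nonce ties the ID token to this request. Both must be kept
    server-side (in the session) until the callback arrives."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "id_token",   # what 'ID tokens' on the Authentication blade allows
        "response_mode": "form_post",
        "redirect_uri": redirect_uri,  # must match the registration exactly, trailing slash included
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_URL.format(tenant=tenant_id) + "?" + urllib.parse.urlencode(params), state, nonce


def validate_id_token_claims(claims: dict, tenant_id: str, client_id: str,
                             expected_nonce: str, now: Optional[int] = None) -> Optional[str]:
    """Returns None if the claims are acceptable, else the rejection reason.
    Call only after the signature has been verified against JWKS_URL."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER.format(tenant=tenant_id):
        return "issuer mismatch"      # minted by another tenant or the v1 endpoint
    if claims.get("tid") != tenant_id:
        return "tenant mismatch"
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        return "audience mismatch"    # a valid token, but for a different app
    if claims.get("nonce") != expected_nonce:
        return "nonce mismatch"       # replayed or injected token
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return "token expired"
    if isinstance(claims.get("nbf"), int) and claims["nbf"] > now:
        return "token not yet valid"
    return None


def handle_callback(form: dict, expected_state: str, expected_nonce: str,
                    tenant_id: str, client_id: str,
                    verify_signature: Callable[[str], dict],
                    now: Optional[int] = None) -> Tuple[Optional[dict], Optional[str]]:
    """form holds the fields POSTed to /auth/iomadoidc/. verify_signature is
    the caller's JWKS-backed decoder (hypothetical hook) that returns the
    claims of a correctly signed token and raises otherwise."""
    if form.get("state") != expected_state:
        return None, "state mismatch"  # not a response to a request we made
    if "id_token" not in form:
        return None, form.get("error_description") or "no id_token in response"
    claims = verify_signature(form["id_token"])
    err = validate_id_token_claims(claims, tenant_id, client_id, expected_nonce, now)
    return (claims if err is None else None), err


# Constructed sample (placeholder IDs, not a real token) so the block runs offline.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def sample_claims(nonce: str) -> dict:
    return {"iss": ISSUER.format(tenant=TENANT), "tid": TENANT, "aud": CLIENT,
            "nonce": nonce, "nbf": 900, "exp": 2000,
            "preferred_username": "alice@contoso.example"}


if __name__ == "__main__":
    url, state, nonce = build_authorize_request(TENANT, CLIENT, "https://test.infoshield.sa/auth/iomadoidc/")
    print(url)
    # Stand-in for a JWKS-verified decoder; a real one must check the signature.
    claims, err = handle_callback({"state": state, "id_token": "<signed-jwt>"},
                                  state, nonce, TENANT, CLIENT,
                                  lambda _tok: sample_claims(nonce), now=1000)
    print(err or claims["preferred_username"])
```

The order of checks matters in practice: state is checked before the token is even decoded, and the claim checks run only on a token whose signature has already been verified, so an attacker cannot steer the outcome with an unsigned or foreign token.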
Finally, create a client secret for the app.

Create a Secret

Do the following to create a secret:
  1. Go to Certificates & secrets.
  2. Click New client secret.
  3. Enter a description and choose an expiry date.

After creating the secret, copy the Value column (not the Secret ID) immediately. Azure AD shows the value only once; if you navigate away without copying it, delete that secret and create a new one. This value is the InfoShield Application Key. Note the expiry date: when the secret expires, calls that use it (the user sync) fail, so create a replacement secret and update InfoShield before then.


Summary

Now you should have the following information:

  • Tenant ID
  • Application ID
  • Application Key (secret)
  • OneDrive for Business URL

Configuring InfoShield

To configure InfoShield successfully, please do the following:
  1. Go to Dashboard users => Microsoft Office 365 Integration => Setup.
  2. Make sure to do the following:
    1. Provide the correct Application ID.
    2. Provide the correct Application Key (the secret value copied above).
    3. Check the box for Application access.
  3. Then provide the following:
    1. Azure AD tenant ID.
    2. OneDrive for Business URL.
  4. When done, click Save changes.

© 2024 Cerebra All Copyrights Reserved