
Azure AD Sync Registration

Note

This registration form covers cross-domain identity management with Azure AD using Microsoft's Graph API (also known as Azure AD Sync of users and groups).

The Azure AD Sync service synchronizes Azure AD users with Sequel Security Services.

This document describes the preliminary steps Sequel clients must complete to register an application in Microsoft Azure for use by the Azure AD Sync service.

Registering Azure AD App at Azure

Registering an application in Azure is described at https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.

This document illustrates the process with samples. Keep in mind that the Azure Portal UI may have changed since this document was released.

Required information

To register an application in Azure, we need the following information:

Application name

This is a friendly name for the application. We suggest using Sequel Security Azure AD Sync, but it can be changed and may also include a reference to the production or UAT environment (e.g. Sequel Security Azure AD Sync - Production, Sequel Security Azure AD Sync - UAT).

Sequel Security Azure AD Sync

Register an application

In summary, the process consists of the following steps:

  1. Sign in to the Azure portal.
  2. Select Azure Active Directory > App registrations.
  3. Click on New registration.
  4. Enter the required properties for the application.
  5. Once the previous step is completed, we have the TenantId and ClientId parameters required to configure the Azure AD Sync service.
  6. Now add a client secret in Certificates & secrets > New client secret.
  7. This gives us the ClientSecret parameter required to configure the Azure AD Sync service.
  8. Finally, it is necessary to add permissions for the application in API permissions > Add a permission. The following permissions are required by the Azure AD Sync service:
  9. Group.Read.All: this permission is required to read the displayName and id properties of the groups associated with the users. It allows the Azure AD Sync service to match Azure AD groups with Security MembershipSets.
  10. User.Read.All: this permission is required to read the basic properties of all users (id, mail, displayName, userPrincipalName, surname and accountEnabled) and the users' groups. These properties are used to find matches between Azure AD users and Security users, create/update them and create/update their memberships.
  11. Once the application has all these permissions, it is ready to be used by the Azure AD Sync service.
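As an added example (not part of Sequel's documentation or product code), the following Python shows how the TenantId, ClientId and ClientSecret obtained above become a Graph client-credentials request, how the user and group reads stay limited to the properties listed in steps 9 and 10, and how to check that the roles granted in the resulting token are exactly the two required permissions and nothing more. The sample token is constructed and unsigned, and the placeholder tenant, client and user ids are assumptions.

```python
import base64
import json

REQUIRED_ROLES = {"Group.Read.All", "User.Read.All"}  # Graph app roles the sync needs
# User properties the sync reads, per the registration notes above.
USER_PROPERTIES = ["id", "mail", "displayName", "userPrincipalName", "surname", "accountEnabled"]
GRAPH = "https://graph.microsoft.com/v1.0"

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request that turns TenantId/ClientId/ClientSecret into a Graph token."""
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant_id
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        "scope": "https://graph.microsoft.com/.default",  # .default = the consented app roles
    }
    return url, body

def graph_queries(user_id):
    """Graph URLs that $select only the properties the sync needs, nothing more."""
    return {
        "users": "%s/users?$select=%s" % (GRAPH, ",".join(USER_PROPERTIES)),
        "groups": "%s/users/%s/memberOf?$select=id,displayName" % (GRAPH, user_id),
    }

def decode_jwt_claims(token):
    """Read a token's payload without verifying it (inspection only; Graph validates the signature)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_permissions(token):
    """Compare granted app roles (the 'roles' claim, present only after admin consent)
    with what the sync requires; 'excess' flags an over-privileged registration."""
    roles = set(decode_jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(REQUIRED_ROLES - roles),
        "excess": sorted(roles - REQUIRED_ROLES),
        "least_privilege": roles == REQUIRED_ROLES,
    }

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned sample token carrying one role more than the sync needs.
SAMPLE_TOKEN = "%s.%s." % (
    _b64url(b'{"alg":"none","typ":"JWT"}'),
    _b64url(json.dumps({"roles": ["Group.Read.All", "User.Read.All", "Directory.Read.All"]}).encode()),
)
```

Running check_permissions on a real token after admin consent should report no missing roles; any entry under excess is a permission the sync does not need and can be removed from the registration.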