Azure Provisioning

Cymmetri Platform allows for pre-configured provisioning settings for Azure Portal.

For Azure integration we need an azure enterprise account with its own domain configured in the Azure AD.

1. Refer following document to configure azure application

2. Azure Document https://connid.atlassian.net/wiki/spaces/BASE/pages/308674561/Azure [ConnID]
3. Create a new OAuth2 Application and provide the following configuration in Azure OAuth2 application.

4. Application will be created and now we will be able to configure.
5. Let us now click on Authentication tab on the left-hand side menu. We can choose account either in a single Organization Directory or multiple directory.
6. Click on Add a platform and we can add a new Redirect URI as “http://localhost”.
7. Further we can allow the Public Client flows.
8. Create a new Secret by first, clicking on Certificate and Secrets on the left-hand side menu, and then click on the “+ New Client secret” link, Enter Description and select the Expires option.
9. Provide the right permissions for the Connector to work by clicking on API Permissions tab on the left-hand side menu, then click on Add, then click on Microsoft Graph and then click on Application Permission and Delegated.
10. Search and select the following permissions/scopes in OpenID

    1. APIConnectors.Read.All

    2. Directory.ReadWrite.All

    3. OpenID

    4. PrivilegedAccess.Read.AzureAD

    5. User.ReadWrite.All

11. We need to take consent from admin for getting access to Microsoft Graph API, Click on add permission, Click on “Grant Admin content for Unotech Software”, and finally Click on Yes.
12. Click on Expose an API and Click on Set to expose the API to be used by the Azure API client on the connector.

Configuration on Cymmetri Identity Platform for Azure provisioning

1. Configure Azure user and server config as follows:
2. Configure the User Configurations

   1. Copy the application authority from the User Configure.

   2. Configure the Client ID.

   3. Configure the Client Secret.

   4. Configure the Domain from Azure Active Directory.
   5. Configure the Redirect URI exposed from the Azure AD.

   6. Graph API base endpoint (User Config Resource URI)

   7. Add the Azure Tenant ID

   8. Choose the base username.

Click on Save, and test the connection.