Prerequisites

Azure Management

  • Ensure that a client application has been registered on your Azure Management portal as a web application or web API, and you have access to the Client ID and Client Secret for this application.

  • Configure at least one virtual appliance cluster and successfully test the connection. For instructions, refer to the Virtual Appliance Reference Guide.

  • For cloud management prerequisites and requirements, refer to Group Management for Azure Cloud Objects.

  • To use Graph API, a client application must be registered on the Azure management portal. This application is responsible for calling Web APIs on behalf of the connector. The application's client ID and client secret key are required while configuring the application.

    To register an application on Azure, perform the following:

    1. Use either of the following Azure management portals for the configuration:
      https://portal.azure.com
      Or
      https://aad.portal.azure.com

    2. Select Azure Active Directory in the left pane.

    3. Select App registrations.

    4. Select New registration.

    5. On the Register an application page, in the Name field, enter the name of the application that you want to set up. For example, SailPointAzureADManagement.

    6. Under Supported account types, select the option that matches the users who can use the application or the API.

    7. (Optional) In Redirect URL, enter the URL that receives the successful response after authentication. You can use the following format: http://domainName/GraphWebapp

      Note
      The Azure Active Directory connector does not use the URL mentioned above. The example is only a placeholder and does not affect functionality.

    8. Select Register. The application is created. The Application page displays the Application (client) ID and other details. Note down this ID.

    9. On the left-hand panel, select Certificates & secrets. On the Certificates & secrets page, in the Client secrets section, select New client secret.

    10. On the Add a client secret page, enter a Description for the secret and choose the validity duration in the Expires list. Select Add. Note down the value of the secret that you have just created.
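
One way to confirm that the Application (client) ID and client secret noted in steps 8 and 10 are valid before entering them in the connector configuration. This is an added example, not code from the connector or its vendor. It assumes the Azure public cloud endpoint login.microsoftonline.com, your Directory (tenant) ID, the OAuth 2.0 client-credentials grant, and hypothetical environment variable names.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # assumption: Azure public cloud
GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # permissions already granted to the app


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for an OAuth 2.0 client-credentials token request."""
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id),
                        ("client_secret", client_secret)):
        # A secret pasted with a trailing newline fails exactly like a wrong secret.
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has surrounding whitespace")
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant_id, safe='')}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode("ascii")
    return url, body


def summarize_response(status, payload):
    """Describe the outcome without echoing the access token or the secret."""
    if status == 200 and "access_token" in payload:
        return f"OK: token issued, expires in {payload.get('expires_in')} s"
    description = str(payload.get("error_description", ""))
    first_line = (description.splitlines() or [""])[0]
    return f"FAILED ({status}): {payload.get('error')}: {first_line}"


if __name__ == "__main__":
    # Hypothetical variable names; the environment keeps the secret out of the script.
    url, body = build_token_request(os.environ["AZURE_TENANT_ID"],
                                    os.environ["AZURE_CLIENT_ID"],
                                    os.environ["AZURE_CLIENT_SECRET"])
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=15) as resp:
            print(summarize_response(resp.status, json.load(resp)))
    except urllib.error.HTTPError as err:
        print(summarize_response(err.code, json.load(err)))
```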

Azure Active Directory

The host values (https://<host>/) that the Azure Active Directory connector requires to interact with the managed system are as follows: