Prerequisites

Azure Management

  • Ensure that a client application has been registered on your Azure Management portal as a web application or web API, and you have access to the Client ID and Client Secret for this application.

  • Configure at least one virtual appliance cluster and successfully test the connection. For instructions, refer to the Virtual Appliance Reference Guide.

  • Use certificate-based authentication in Exchange Online, because Microsoft has deprecated basic authentication. For more information, refer to Certificate Based Authentication in Exchange Online Management.

  • For cloud management prerequisites and requirements, refer to Azure Cloud Object Management.

  • To use the Graph API, a client application must be registered on the Azure management portal. This application is responsible for calling Web APIs on behalf of the connector. The application's client ID and client secret key are required when configuring the application.

    To register an application on Azure, perform the following:

    1. Use either of the following Azure management portals for the configuration:
      https://portal.azure.com
      Or
      https://aad.portal.azure.com

    2. Select Microsoft Entra ID in the left pane.

    3. Select App registrations.

    4. Select New registration.

    5. On the Register an application page, in the Name field, enter the name of the application that you want to set up. For example, SailPointAzureADManagement.

    6. Under Supported account types, select the accounts based on the users that are able to use the application or the API.

    7. (Optional) In Redirect URL, enter the URL that receives the successful response after authentication. You can use the following format: http://domainName/GraphWebapp

      Note
      The Microsoft Entra ID connector does not use the URL mentioned above. The example is only a placeholder and does not impact functionality.

    8. Select Register. An application is created. On the Application page, the Application (client) ID and other details are displayed. Note down this ID.

    9. On the left-hand panel, select Certificates & secrets. On the Certificates & secrets page, in the Client secrets section, select New client secret.

    10. On the Add a client secret page, enter a Description for the secret and choose the validity duration in the Expires list. Select Add. Note down the value of the secret that you have just created.
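
To confirm that the client ID and client secret noted in steps 8 and 10 are accepted before configuring the connector, you can request a Graph token with the OAuth 2.0 client credentials grant. The Python script below is an added example, not part of the connector or this guide; the tenant ID input, the `AZ_*` environment variable names, and the hint wording are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# AADSTS error codes mapped to the registration step to recheck (hint text is ours)
HINTS = {
    700016: "client ID not found in this tenant: recheck the Application (client) ID from step 8",
    7000215: "invalid client secret: use the secret Value from step 10, not the Secret ID",
    7000222: "client secret expired: create a new one (steps 9-10)",
}

def build_token_request(tenant_id, client_id, client_secret):
    """URL and form body for the OAuth 2.0 client credentials grant (Graph scope)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")), body

def interpret(response):
    """Map a token-endpoint JSON response to (ok, message); never echoes the token."""
    if "access_token" in response:
        return True, f"credentials accepted, token valid for {response.get('expires_in')} s"
    for code in response.get("error_codes", []):
        if code in HINTS:
            return False, HINTS[code]
    return False, f"{response.get('error', 'unknown_error')}: see error_description"

def check_credentials(tenant_id, client_id, client_secret):
    """Send the request; the endpoint answers failures with HTTP 4xx plus a JSON body."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=15) as r:
            return interpret(json.load(r))
    except urllib.error.HTTPError as e:
        return interpret(json.load(e))

# Constructed sample responses (not captured from a real tenant)
SAMPLE_OK = {"token_type": "Bearer", "expires_in": 3599, "access_token": "constructed.sample.token"}
SAMPLE_BAD_SECRET = {"error": "invalid_client", "error_codes": [7000215]}

if __name__ == "__main__":
    # Read the secret from the environment so it stays out of source and shell history
    print(check_credentials(*(os.environ[k] for k in ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET"))))
```

Run it once after step 10, and again before the date chosen in the Expires list, to catch an expired secret before the connector starts failing.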

Microsoft Entra ID

The host values (https://<host>/) that the Microsoft Entra ID connector requires to interact with the managed system are as follows: