Azure Active Directory Overview

Microsoft Azure Active Directory Identity Collector supports standard OAuth 2.0 Authorization for the Azure AD connector.

The authorization sequence directs the user through a standard Microsoft O365 consent flow. This grants the File Access Manager Azure AD Connector application the privilege to acquire and refresh access tokens for the relevant Tenant/ Domain. This is a similar configuration to other cloud connectors (like OneDrive).

General Details

To create or edit an Azure Identity Collector:

1. Open the Identity Collectors panel by navigating to Admin > Identity Collectors.
2. Select Create New to open the Identity Collector Configuration Wizard.
3. Select Azure Files for the type.
4. Provide a name for the Identity Collector you are creating.

Connection Details

1. Enter a valid Tenant Domain Name. Once entered, select the check mark to the right of the field.
2. Select the link under Authorization Page to enter the username and password. The user will then retrieve an authorization code.
3. When the File Access Manager Cloud Application Authorization Service window displays, copy the code provided.
4. Paste the copied code into the Azure Authorization Code field.

Users Collection

1. Verify that the system retrieved the requested data successfully.

2. Select Yes or No to join this Identity Collector with any existing data sources. A user may want to join data sources in order to gain additional attributes that can be configured to the Identity Collector.

   If you select No to joining data sources, select Next to be taken to the Dynamic Field Mapping screen, which is optional.

   If you select Yes to joining data sources, you can use one of the Identity Collector fields as the local key to gather additional user fields from other data sources by joining those data sources.

Join Data Sources – Users

Complete the following:

1. Select the desired data source you want to join with from the first dropdown.
2. Select a Local Key you want to join.

3. Select a Remote Key you want to join it to.

   Note

   Select the plus icon to join more data sources.

4. Select Next.

Dynamic Field Mapping (Users)

This feature allows the user to rename the previously fetched properties by mapping them to a dictionary field, and therefore changing their name.

Note

Dynamic Field Mapping is not mandatory.

1. To create a new data dictionary field, use the link provided. Once created, select Refresh to have the new data dictionary field display in the User Dictionary Field dropdown.

2. From the Users Dictionary Field dropdown, select a mapped property.

3. From the Mapped Field dropdown, select a value that is to be mapped to the new data dictionary field.

   Note

   To add more dictionaries, select the plus icon.

4. Select Next.

Group Collection – Azure

Verify that the system has successfully retrieved the requested data.

Note

For the Azure group data sample, File Access Manager displays each record of the sample data twice.

1. Select Yes or No to join this Identity Collector with any existing data sources. Joining data sources allows you to access additional attributes that can be configured for the Identity Collector.

   If you select No to joining data sources, select Next to proceed to the optional Dynamic Field Mapping screen.

   If you select Yes to joining data sources, you can use one of the Identity Collector fields as a local key to gather additional group fields from other data sources.

Join Data Sources – Groups

Complete the following steps:

1. From the first dropdown, select the desired data source you want to join with.
2. Select a Local Key to join.

3. Select a Remote Key to join it to.

   Note

   Click the plus icon to join additional data sources.

4. Select Next.

Dynamic Field Mapping (Groups)

This feature allows the user to rename the previously fetched properties by mapping them to a dictionary field, effectively changing their name.

Note

Dynamic Field Mapping is not mandatory.

To create a new data dictionary field:

1. Use the link provided.
2. Once created, click Refresh to have the new data dictionary field display in the Group Dictionary Field dropdown.
3. From the Groups Dictionary Field dropdown, select a mapped property.
4. From the Mapped Field dropdown, select a value that is to be mapped to the new data dictionary field.

Note

To add more dictionaries, select the plus icon.

Select Next.

Final Configurations

On the final screen of the Identity Collector Wizard, the user can set a few final configurations and define the scheduler task.

Users Collection

The following final configurations are optional:

• Unique User Accounts Mapping: This feature is used to connect the Authentication Store Identity Collector to other Identity Collectors by setting the Same User Field between two or more Identity Collectors, primarily for cloud Identity Collectors. This extends the Access Request's Usage List.

Scheduler

If you wish to create a scheduled task, check the Create a Schedule toggle and complete the following:

1. Provide a name for the schedule.

2. The Scheduler is Active by default. If you wish to turn the scheduled task inactive, switch the toggle to Inactive.

3. If you want to start the Identity Collector process immediately, select Schedule. If you want to schedule the Identity Collector after a specific task completes, select Run After.

   Note

   If Run After is selected, all Schedule options will disappear.

4. Select how frequently you want the Identity Collector task to run:

   • Once – One-time run. Verify the date selected is in the future.
   • Hourly – Select the time and date for the run. Verify the date selected is in the future. Either select a specific end date or select Never.
   • Daily – Same as hourly.
   • Weekly (Set as default) – Select a day or multiple days for recurring runs. Either select a specific end date or select Never.
   • Monthly – Same as hourly.
   • Quarterly – Same as hourly.
   • Half Yearly – Same as hourly.
   • Yearly – Same as hourly.

5. If you want the task to end on a specific future date, select On and then provide the ending date. If the task should run without an end date, select Never.

6. Select Save to store the Identity Collector without running synchronization or select Save & Run to create and synchronize the Identity Collector.