Creating a Connector Application in Azure
The Connector application facilitates the integration of Azure Active Directory user and group data into IdentityIQ by providing the necessary permissions. It establishes communication with the corresponding Azure Active Directory application within IdentityIQ to initiate workflows for Access Request Approvals. These workflows are triggered using data, events, and resources within IdentityIQ.
Note: It is essential to follow the specified sequence of steps as mentioned in the document when creating the necessary applications for integrating IdentityIQ with Microsoft Teams. For a visual guide to the recommended setup order, refer to Best Practices for Configuring IdentityIQ Microsoft Teams.
Important: This guide ONLY provides instructions for configuring specific Azure component configurations required to support IdentityIQ’s Notifications and Access Request Approval work item features in Microsoft Teams. It is intended as an aid to implementers but should be used in conjunction with Microsoft’s official documentation to ensure access to the most accurate and up-to-date information. For broader information on Azure or general setup tasks related to Microsoft Teams and SSO, please refer to Microsoft's official documentation.
To register a connector application, perform the following steps:
- Sign in to the Azure portal and navigate to Microsoft Entra ID.
- Under Manage > App registrations, select + New registration.
- On the Registration page, provide the following details:
  - Name – Provide a meaningful name for the application. See Best Practices for Configuring IdentityIQ Microsoft Teams to define an appropriate application name.
  - Supported account types – Select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
  - Redirect URL (Optional) – Leave this field blank.
  - Select Register.
- Create a client secret for the application:
  - In the left navigation, select Manage > Certificates and secrets.
  - Under the Client secrets tab, select + New client secret.
  - In the dialog that displays:
    - Provide a Description for the secret.
    - Select an expiration time in the Expires field.
    - Select Add.
- Configure API permissions:
  - In the left navigation, select API permissions.
  - Select + Add a permission.
  - In the dialog that displays:
    - Under the Microsoft APIs tab, select Microsoft Graph.
    - Select Application permissions.
    - Under Select permissions, search for and add the following:
      - Application.Read.All
      - AppRoleAssignment.ReadWrite.All
      - Directory.ReadWrite.All
      - Group.Read.All
      - Group.ReadWrite.All
      - IdentityRiskEvent.Read.All
      - IdentityRiskyUser.Read.All
      - Organization.Read.All
      - RoleManagement.ReadWrite.Directory
      - User.Invite.All
      - User.Read.All
      - User.ReadWrite.All
    - After selecting all permissions, select Add permissions.
Note: Make a note of the Client Secret Value and Client Secret ID. These will be required when creating the Azure Active Directory application in IdentityIQ. See Creating an Azure Active Directory Application in IdentityIQ for details.
Note: Ensure that all the above permissions are successfully added. These permissions are essential for the application to interact properly with IdentityIQ.
Once the permissions are granted, the screen below is displayed.
You have now successfully created a Connector application in Azure. For the next step, refer to Creating a New Connector Group in Azure.
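The permission list above is long and several entries (Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory, AppRoleAssignment.ReadWrite.All) are tenant-wide write permissions, so it is worth verifying the registration's manifest rather than trusting a screenshot. The script below is an added example, not SailPoint's or Microsoft's code: it compares the `requiredResourceAccess` section of an app registration manifest against the twelve Microsoft Graph permissions listed in this guide and reports permissions that are missing, permissions that were added as Delegated (`Scope`) instead of Application (`Role`), and any extra application permissions beyond the list. The Microsoft Graph resource app ID `00000003-0000-0000-c000-000000000000` is the real well-known value; the permission GUIDs and the manifest are constructed sample data. In a real tenant the inputs come from `az ad app show --id <appId>` and `az ad sp show --id 00000003-0000-0000-c000-000000000000`, and note that the check covers what the manifest requests, not whether a tenant administrator has granted consent.

```python
"""Audit an Entra app registration manifest against the Graph application
permissions listed in this guide (added example, not SailPoint code)."""
import json
import sys

# Well-known application (client) ID of the Microsoft Graph resource.
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# The application permissions this guide asks for.
REQUIRED_PERMISSIONS = {
    "Application.Read.All", "AppRoleAssignment.ReadWrite.All",
    "Directory.ReadWrite.All", "Group.Read.All", "Group.ReadWrite.All",
    "IdentityRiskEvent.Read.All", "IdentityRiskyUser.Read.All",
    "Organization.Read.All", "RoleManagement.ReadWrite.Directory",
    "User.Invite.All", "User.Read.All", "User.ReadWrite.All",
}

# Constructed stand-in for the Graph service principal. Real data comes from
# `az ad sp show --id 00000003-0000-0000-c000-000000000000`; these GUIDs are
# placeholders, not the real permission IDs.
SAMPLE_GRAPH_SP = {
    "appRoles": [
        {"value": name, "id": f"00000000-0000-4000-8000-{i:012d}"}
        for i, name in enumerate(sorted(REQUIRED_PERMISSIONS), start=1)
    ] + [{"value": "Mail.ReadWrite", "id": "00000000-0000-4000-8000-000000000099"}],
    "oauth2PermissionScopes": [  # delegated permissions have their own IDs
        {"value": "User.Read.All", "id": "00000000-0000-4000-8000-000000000901"},
    ],
}


def _id_for(sp, kind, name):
    """Look up the GUID of an appRole ('Role') or oauth2 scope ('Scope')."""
    key = "appRoles" if kind == "Role" else "oauth2PermissionScopes"
    return next(e["id"] for e in sp[key] if e["value"] == name)


def make_manifest(sp, roles, scopes=()):
    """Build a constructed manifest fragment requesting the given Graph
    application permissions (roles) and delegated permissions (scopes)."""
    access = [{"id": _id_for(sp, "Role", r), "type": "Role"} for r in roles]
    access += [{"id": _id_for(sp, "Scope", s), "type": "Scope"} for s in scopes]
    return {"requiredResourceAccess": [
        {"resourceAppId": MICROSOFT_GRAPH_APP_ID, "resourceAccess": access},
        # A second resource (constructed ID) shows non-Graph entries are skipped.
        {"resourceAppId": "11111111-2222-3333-4444-555555555555", "resourceAccess": []},
    ]}


def audit_graph_permissions(manifest, graph_sp):
    """Return findings as a dict of sorted lists; all lists empty means the
    manifest requests exactly the guide's application permissions."""
    role_by_id = {r["id"]: r["value"] for r in graph_sp.get("appRoles", [])}
    scope_by_id = {s["id"]: s["value"]
                   for s in graph_sp.get("oauth2PermissionScopes", [])}
    requested_roles, requested_scopes = set(), set()
    for resource in manifest.get("requiredResourceAccess", []):
        if resource.get("resourceAppId") != MICROSOFT_GRAPH_APP_ID:
            continue  # permissions on other APIs are outside this guide
        for access in resource.get("resourceAccess", []):
            if access.get("type") == "Role":
                requested_roles.add(role_by_id.get(access["id"], f"unknown:{access['id']}"))
            elif access.get("type") == "Scope":
                requested_scopes.add(scope_by_id.get(access["id"], f"unknown:{access['id']}"))
    return {
        "missing": sorted(REQUIRED_PERMISSIONS - requested_roles),
        # Required permission present only as Delegated: a common UI mistake.
        "delegated_instead_of_application":
            sorted(REQUIRED_PERMISSIONS & (requested_scopes - requested_roles)),
        # Application permissions beyond the list (least-privilege check).
        "extra": sorted(requested_roles - REQUIRED_PERMISSIONS),
    }


# Constructed manifest: Group.ReadWrite.All omitted, User.Read.All added as
# Delegated rather than Application, Mail.ReadWrite added although not listed.
SAMPLE_MANIFEST = make_manifest(
    SAMPLE_GRAPH_SP,
    roles=sorted(REQUIRED_PERMISSIONS - {"Group.ReadWrite.All", "User.Read.All"})
          + ["Mail.ReadWrite"],
    scopes=["User.Read.All"],
)

if __name__ == "__main__":
    findings = audit_graph_permissions(SAMPLE_MANIFEST, SAMPLE_GRAPH_SP)
    print(json.dumps(findings, indent=2))
    sys.exit(1 if any(findings.values()) else 0)
```

Run against a real tenant by replacing `SAMPLE_MANIFEST` and `SAMPLE_GRAPH_SP` with the JSON from the two `az ad` commands named above; a non-zero exit means the registration does not match the guide.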