Difference between revisions of "Azure Active Directory Connection"
(Created page with "==Instructions for setting up Azure Active Directory Connection== Head to '''Azure Active Directory dashboard''', click on '''Manage Azure Active Directory'''<br>File:Azure...") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | ==What information gets synced in Azure -Users== | ||
+ | *Primary Email(not updatable, is only synced upon user's first sync) | ||
+ | *Other Email addresses | ||
+ | *Name | ||
+ | *Last Name | ||
+ | *Username | ||
+ | *SIS ID | ||
+ | *Fax Number (will be synced through if their is an existing value in a Cloudwork User's Custom Attribute) | ||
+ | *Department (will be synced through if their is an existing value in a Cloudwork User's Custom Attribute) | ||
+ | *Business Phones (will be synced through if their is an existing value in a Cloudwork User's Custom Attribute) | ||
+ | *Number of groups the synced user is apart of | ||
+ | |||
+ | ==What information gets synced in Azure -Groups== | ||
+ | *Group Friendly Name | ||
+ | *Description | ||
+ | *Number of users | ||
+ | *Number of teachers | ||
+ | *list of teachers | ||
+ | *list of members | ||
+ | |||
+ | ===What conditions need to be met before a group can be synced into Azure=== | ||
+ | Groups will be synced as long as: | ||
+ | *In the '''Cloudwork Dashboard'''>'''External Domains'''>'''Azure Active Directory'''>domain>'''Domain settings'''>'''Maintain Groups''' is set to yes | ||
+ | *In '''Cloudwork Dashboard'''>'''Groups'''>group you wanted synced to Azure>'''Edit group'''>'''Friendly Name''' | ||
+ | *:'''Friendly Name''' has no special characters in its name | ||
+ | *:'''In Group Types''', '''Synced to Azure''' is selected | ||
+ | |||
==Instructions for setting up Azure Active Directory Connection== | ==Instructions for setting up Azure Active Directory Connection== | ||
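Review bot: In the group-sync conditions, the bullet ending in Edit group>Friendly Name names a path but no condition, and the "no special characters" rule under it does not say which characters count as special. Suggest ending the path at Edit group and listing the characters allowed in a Friendly Name, so an admin can tell why a group was skipped. In the Users list, "their is" should be "there is" (three bullets) and "apart of" should be "a part of".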
Line 13: | Line 40: | ||
Name the application and register. | Name the application and register. | ||
− | On the registered app page, click on '''Certificates and secrets''' | + | On the registered app page, click on '''Certificates and secrets'''<br>[[File:Azure_4.png|1500px]] |
− | [[File:Azure_4.png|1500px]] | ||
− | Add a new secret by clicking '''New Client Secret''' and save the secret value for future use. | + | Add a new secret by clicking '''New Client Secret''' and save the secret value for future use.<br>[[File:Azure_5.png|1500px]] |
− | [[File:Azure_5.png|1500px]] | ||
− | Click on '''API permissions''' | + | Click on '''API permissions'''<br>[[File:Azure_6.png|1500px]] |
− | [[File:Azure_6.png|1500px]] | ||
− | Add permission and select '''Microsoft Graph API''' | + | Click '''Add a permission''' and select '''Microsoft Graph API'''<br>[[File:Azure_7.png|1500px]] |
− | [[File:Azure_7.png|1500px]] | ||
− | Add the following permissions separately: | + | Add the following permissions separately:<br> |
− | + | '''Delegated permissions''' | |
*Application.Read.All | *Application.Read.All | ||
*Application.ReadWrite.All | *Application.ReadWrite.All | ||
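Review bot: The New Client Secret step says to save the secret value for future use but not where, and it omits that Azure shows the value only once, at creation. Suggest telling the admin to copy it straight into a password manager or secrets vault rather than a document or ticket, and to note the expiry date chosen, since the renewal steps later on the page depend on it.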
Line 51: | Line 74: | ||
− | Application permissions | + | '''Application permissions''' |
*Application.Read.All | *Application.Read.All | ||
*Application.ReadWrite.All | *Application.ReadWrite.All | ||
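Review bot: Under Application permissions, Application.Read.All is listed beside Application.ReadWrite.All; the ReadWrite permission already covers read access, so the pair is redundant. Application permissions apply tenant-wide without a signed-in user, so the page should say why the integration needs write access to application registrations and trim the list to the permissions the sync actually uses.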
Line 68: | Line 91: | ||
*User.ReadWrite.All | *User.ReadWrite.All | ||
− | Grant admin consent | + | Grant admin consent by clicking '''Grant admin consent for Studentnet'''<br>[[File:Azure_8.png|1500px]] |
− | [[File:Azure_8.png|1500px]] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Permission granted<br>[[File:Azure_9.png|1500px]] | |
− | [[File: | ||
+ | Head to '''Cloudwork dashboard'''>'''External Domains'''>'''Azure Active Directory'''>'''Add new'''<br>[[File:Azure_10.png|1500px]] | ||
+ | *'''App Object ID''': Object Id for the registered app<br> | ||
+ | *'''Client Id''': Application Id for the registered app<br> | ||
+ | *'''Tenant Id''': Tenant Id<br> | ||
+ | *'''Client secret''': secret value saved before<br> | ||
− | + | If the secret is going to expire, there will be a warning message with the days to expire<br>[[File:Azure_11.png|1500px]] | |
− | |||
− | |||
− | |||
− | + | To renew the secret, head to '''Home''' > '''App registration'''<br>[[File:Azure_12.png|1500px]] | |
− | [[File: | ||
− | + | Click on to the app used in Cloudwork, and head to '''Certificates & secrets''', remove the expired secret and add a new secret, then paste the secret to Cloudwork<br>[[File:Azure_13.png|1500px]] | |
− | [[File: | ||
− | + | [[Category:Cloudwork Dashboard]] | |
− | [[ |
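Review bot: The renewal step reads "remove the expired secret and add a new secret, then paste the secret to Cloudwork", which only describes acting after the secret has already expired. Since the line before it says a warning shows the days to expire, suggest documenting the pre-expiry order as well: add the new secret, paste it into Cloudwork, confirm the sync still works, then remove the old secret. The button label "Grant admin consent for Studentnet" is also specific to one tenant and could be written generically.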
Latest revision as of 07:31, 6 September 2023
What information gets synced in Azure - Users
- Primary Email (not updatable; synced only on the user's first sync)
- Other Email addresses
- Name
- Last Name
- Username
- SIS ID
- Fax Number (synced if there is an existing value in the Cloudwork User's Custom Attribute)
- Department (synced if there is an existing value in the Cloudwork User's Custom Attribute)
- Business Phones (synced if there is an existing value in the Cloudwork User's Custom Attribute)
- Number of groups the synced user is a part of
What information gets synced in Azure - Groups
- Group Friendly Name
- Description
- Number of users
- Number of teachers
- List of teachers
- List of members
What conditions need to be met before a group can be synced into Azure
Groups will be synced as long as:
- In Cloudwork Dashboard > External Domains > Azure Active Directory > domain > Domain settings, Maintain Groups is set to yes
- In Cloudwork Dashboard > Groups > the group you want synced to Azure > Edit group:
  - Friendly Name has no special characters in its name
  - In Group Types, Synced to Azure is selected
Instructions for setting up Azure Active Directory Connection
Head to the Azure Active Directory dashboard and click on Manage Azure Active Directory
Go to the tenant and click on App registration
Name the application and register.
On the registered app page, click on Certificates and secrets
Add a new secret by clicking New Client Secret and save the secret value for future use.
Click on API permissions
Click Add a permission and select Microsoft Graph API
Add the following permissions separately:
Delegated permissions
- Application.Read.All
- Application.ReadWrite.All
- Directory.AccessAsUser.All
- Directory.Read.All
- Directory.ReadWrite.All
- Domain.Read.All
- Domain.ReadWrite.All
- Group.Read.All
- Group.ReadWrite.All
- GroupMember.Read.All
- GroupMember.ReadWrite.All
- User.ManageIdentities.All
- User.Read
- User.Read.All
- User.ReadBasic.All
- User.ReadWrite
- User.ReadWrite.All
Application permissions
- Application.Read.All
- Application.ReadWrite.All
- Application.ReadWrite.OwnedBy
- Directory.Read.All
- Directory.ReadWrite.All
- Domain.Read.All
- Domain.ReadWrite.All
- Group.Create
- Group.Read.All
- Group.ReadWrite.All
- GroupMember.Read.All
- GroupMember.ReadWrite.All
- User.ManageIdentities.All
- User.Read.All
- User.ReadWrite.All
Grant admin consent by clicking Grant admin consent for Studentnet
Head to Cloudwork dashboard > External Domains > Azure Active Directory > Add new
- App Object ID: Object Id for the registered app
- Client Id: Application Id for the registered app
- Tenant Id: Tenant Id
- Client secret: the secret value saved earlier
If the secret is going to expire, a warning message shows the number of days until it expires
To renew the secret, head to Home > App registration
Click on the app used in Cloudwork, head to Certificates & secrets, remove the expired secret and add a new secret, then paste the new secret value into Cloudwork
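To spot a secret nearing expiry before any warning appears, the check below classifies each client secret on an app registration by days remaining. It is an added example, not Cloudwork's code: passwordCredentials, keyId, hint and endDateTime are properties of the Microsoft Graph application object, while the sample object, the 30-day threshold and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph application object
# (GET /applications/{App Object ID}), trimmed to the fields used below.
SAMPLE_APP = json.loads("""
{
  "id": "00000000-0000-0000-0000-000000000001",
  "displayName": "cloudwork-sync (constructed)",
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111", "displayName": "2022 secret",
     "hint": "aB1", "endDateTime": "2023-08-01T00:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222", "displayName": "in Cloudwork",
     "hint": "cD2", "endDateTime": "2023-09-20T00:00:00Z"},
    {"keyId": "33333333-3333-3333-3333-333333333333", "displayName": "replacement",
     "hint": "eF3", "endDateTime": "2024-09-01T00:00:00.1234567Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds (up to 7 digits) are dropped."""
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """Classify each client secret as expired, expiring or ok, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days  # floors, so it is negative once expired
        if end <= now:
            state = "expired"
        elif days_left < warn_days:  # warn_days is an assumed threshold
            state = "expiring"
        else:
            state = "ok"
        rows.append({"keyId": cred["keyId"], "hint": cred.get("hint"),
                     "name": cred.get("displayName"), "expires": end,
                     "days_left": days_left, "state": state})
    return sorted(rows, key=lambda r: r["expires"])

if __name__ == "__main__":
    # Fixed clock so the constructed sample gives the same result on every run.
    now = datetime(2023, 9, 6, 7, 31, tzinfo=timezone.utc)
    for row in secret_status(SAMPLE_APP, now):
        print(f'{row["state"]:9} {row["days_left"]:5}d  hint={row["hint"]}  {row["name"]}')
```

The hint field holds the first characters of the secret value, which helps match a listed credential to the one pasted into Cloudwork without exposing the secret itself.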