Azure Active Directory Integration

Modified on Sun, 17 Mar at 4:17 PM

Cover Letter

This document is a guide for integrating Azure Active Directory users with Infoshield.

 

 

Azure Integration Requirements

Please provide the items listed below. Note: to obtain them, you will need the Application administrator, Application developer, or Cloud application administrator role.

  • Application ID
  • Application Key which is a secret value
  • Azure AD Tenant ID
  • OneDrive for Business URL

 

Flowchart Azure Integration

We will integrate with Office 365 to sync users using the Graph APIs, and to authenticate these users using OpenID Connect.

 

 

Figure 1 sync users

 

Figure 2 Authenticate users

 

 

 

 

 

 

Get started

To integrate with Office 365, we have to create an app in Azure AD and give it the required permissions and a secret key. (Since our use case is only syncing users, I will list only the permissions required for syncing.)

First, log in to the Azure portal at https://portal.azure.com/

Then click on Azure Active Directory, or search for Azure Active Directory.

 

 

 

 

 

Find Tenant ID

After opening Azure Active Directory, you can find the Tenant ID on the Overview page.

 

 

 

 



Create Azure AD App

To create an app, log in to the Azure portal at https://portal.azure.com/ and type Azure Active Directory in the search bar. Then, in the left navbar, click on App registrations, and click on New registration to create a new app registration.

 

 

 

 

(Note: you will need the Application administrator, Application developer, or Cloud application administrator role.)

Enter a name and the redirect URI for the Web platform. (IMPORTANT! This should be the URL of your Infoshield site with “/auth/iomadoidc/” appended, e.g. https://test.infoshield.sa/auth/iomadoidc/ . Note: please use your own subdomain here; replace “test” with your subdomain.)

 

https://x.infoshield.sa/auth/iomadoidc/



Get Application (Client) ID

In the left navbar, click on Overview. Then copy the Application (Client) ID.

 



Configure the API permissions

After registering the app, go to API permissions -> Microsoft Graph -> Application permissions.

 

 

Click on Add a permission, click on Microsoft Graph, then click on Application permissions, and search for and select the following permissions:

  • User.Read.All
  • Directory.Read.All

 

After adding the permissions, admin consent is required. Click on Grant Admin consent.



Configure the authentication

Moreover, as we are using this app for authentication, you need to go to Authentication. Under "Select the tokens you would like to be issued by the authorization endpoint", select both Access tokens and ID tokens, then click Save.

 

 

Finally, you will need to create a secret from Certificates & secrets -> New client secret.

 

 

 

Create a secret

Go to Certificates & secrets, then click on New client secret. In the description, enter any name, and set an expiry date.

After creating the secret, copy the secret value. This is the value you need to enter as the Infoshield Application Key.

 

 

Summary

Now you should have the below:

  • Tenant ID
  • Application ID
  • Application Key (secret)
  • You should provide the OneDrive URL.
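
Before entering these values in Infoshield, you can check that a token issued to the app carries only the two permissions granted above and comes from your tenant. The following is an added example, not Infoshield's or Microsoft's own code: it assumes the token is obtained with a client-credentials request to the Microsoft identity platform, the function names are hypothetical, and the sample tokens and tenant ID are constructed so it runs offline. The payload is decoded for inspection only, without signature verification.

```python
import base64
import json
from urllib.parse import urlencode

# Application permissions this guide grants to the app registration.
EXPECTED_ROLES = {"User.Read.All", "Directory.Read.All"}


def token_request(tenant_id, app_id, app_key):
    """Build (url, form body) for the client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": app_id,
            "client_secret": app_key, "scope": "https://graph.microsoft.com/.default"}
    return url, urlencode(form)


def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, tenant_id):
    """Return a list of findings; an empty list means the token matches the guide."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))  # app-only tokens list permissions here
    findings = []
    if claims.get("tid", "").lower() != tenant_id.lower():
        findings.append("token was issued by a different tenant")
    for role in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing permission (admin consent not granted?): {role}")
    for role in sorted(roles - EXPECTED_ROLES):
        findings.append(f"extra permission beyond this guide: {role}")
    return findings


def sample_token(claims):
    """Constructed, unsigned token used only to exercise audit_token offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
OK = sample_token({"tid": TENANT, "roles": ["User.Read.All", "Directory.Read.All"]})
WIDE = sample_token({"tid": TENANT, "roles": ["User.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_token(OK, TENANT), audit_token(WIDE, TENANT), sep="\n")
```

An empty result means the app has exactly User.Read.All and Directory.Read.All; any "extra permission" finding is a reason to remove that permission from the app registration before sharing the Application Key.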

 

 

Infoshield Configuration

As Company manager or Admin, go to Dashboard users -> Microsoft Office 365 Integration.

Make sure to enter each value in the correct field.

 

 

Enter your tenant ID and OneDrive URL

 

 

 

 
