Azure AD as a Source for Users in the ARM

The ARM allows you to access Azure AD natively and to add users from it. ‘Azure AD Domain Services’ is used as the interface between Azure AD and regular LDAP protocol to access users from Azure AD (without interfacing Azure AD with the REST API).

Microsoft’s Graph API v.1.0 is used to retrieve users and the groups in which they’re members. These users are treated as regular users in the ARM and can be used for regular operations - such as Users Groups.

The ARM supports most Azure AD flavors such as B2C and to a certain extent B2B (due to limitations in Microsoft’s Graph API, for example, B2C doesn’t support mapping of the “memberOf” attribute).

➢

To add the Azure AD to ARM:

1.

Register the ARM as an application and provide the ARM with the following information (as described previously):

●

Tenant ID

●

Client ID

●

Client secret

You can also define parameters such as the frequency (in days) and the time, for the synchronization process.

2.

Open the Servers page (Users > Servers).

3.

Click the add icon + and from the drop-down, select Azure AD.

4.

Provide information from Azure as shown Configuring the ARM in the Azure Portal and then perform Test connectivity to test the connection. Optionally, use the search filters under the Filter group ('Filter query', 'Fetch all groups ...', 'Group Filter query', and 'Enable advanced query capabilities') according to Microsoft Graph-API guidelines. The parameters under Azure AD Scheduling Settings (under ‘Updates’) are related only to full synchronization.

5.

After successfully connecting to Azure AD, map the local properties to the values from Azure AD; the ‘Azure AD Mapping’ drop-down fields display the relevant attributes from the Azure AD.

Azure AD Mapping