Microsoft Entra ID (Azure Active Directory) - Connector Builder
Connector Information
Microsoft Entra ID (Azure Active Directory) is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure.
ASM can connect via the Alemba Connector builder. The pull of information is controlled by the scheduling option within the System and the security set by your Azure Administrators.
Authentication and Security
In the Application Registration (for the Microsoft Graph Security), ensure the following Application permissions are configured:
User.Read.All
Directory.Read.All
Prerequisites
You must have at least ASM 10.6.5 installed with the connector builder functionality.

System Access Requirement
Application ID
Client Secret value (not the client secret ID)
Client_Credentials Access is required
Helpful Links
Known Issue: Incorrect Data is populated in ASM from Azure AD when using the Connector Builder
Root Cause: Enabling "Display Cached Resource Properties in Search Results" in the integration settings can cause issues where the cached values are not cleared when a value on the next record is empty or null.

Fix: Disable "Display Cached Resource Properties in Search Results" in the integration settings.
Configuring the Connector Builder for Entra ID/Azure Active Directory
Below are examples of the parameters to populate in the Connector Builder for the Entra ID/Azure Active Directory mapping.
Access the Connector Builder: System Admin>Integration>Connector Builder
Click "Add Connector" to add a new connector
Enter the details (See sections below for details and examples)
Connector Builder Name: Microsoft Entra ID
Authentication Type: OAuth

Configure Resource Settings, click the "+" to add a Resource

Click the "New Resource" Link to expand and enter the details


Resource Display Name: User
Resource Id: user_1
Resource Category: Person
Resource Description: User in Microsoft Entra
Complete the queries as follows:

All

Query: All
URL: v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)
Nested Objects: value
Paged? True
Starting Page No: 0
Page Size: 100
Next Page Property: @odata.nextLink
Search

Query: Search
URL: v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)&$filter=startswith(displayName,'@SEARCHTEXT')
Nested Objects: value
Paged? False
Retrieve

Query: Retrieve
URL: v1.0/users/@UNIQUEID?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)
Nested Objects:
Paged? False
Complete the Resource Details

Set up fields: click the "New Fieldset" link

Fieldsets Details
Fieldset id: User Details
Type: Mapped
Set the field set type for the User type to be "Mapped" instead of "Relative" (the default value). This will ensure the cached values are not retained during the scan.
Add fields to the fieldset: click the "+" to add a new Field

Click the "+" to repeat and add a new row for all fields you need to add to this fieldset

Fields Details
Field ID: id
Field Display: ID
Data Type: String
Field ID: displayName
Field Display: Display
Data Type: String
Field ID: createdDateTime
Field Display: Created
Data Type: String
Field ID: givenName
Field Display: Given Name
Data Type: String
Field ID: department
Field Display: Department
Data Type: String
Field ID: surname
Field Display: Surname
Data Type: String
Field ID: city
Field Display: City
Data Type: String
Field ID: userType
Field Display: User Type
Data Type: String
Field ID: jobTitle
Field Display: Job Title
Data Type: String
Field ID: mail
Field Display: Email
Data Type: String
Field ID: mobilePhone
Field Display: Mobile Phone
Data Type: String
Field ID: officeLocation
Field Display: Office Location
Data Type: String
Field ID: postalCode
Field Display: Postal Code
Data Type: String
Field ID: accountEnabled
Field Display: Account Enabled
Data Type: Boolean
Field ID: streetAddress
Field Display: Street Address
Data Type: String
Field ID: state
Field Display: State
Data Type: String
Field ID: userPrincipalName
Field Display: User Principal Name
Data Type: String
Field ID: manager/id
Field Display: Manager ID
Data Type: String
Field ID: manager/displayName
Field Display: Manager Display Name
Data Type: String
Field ID: manager/userPrincipalName
Field Display: Manager User Principal Name
Data Type: String
Field ID: companyName
Field Display: CompanyName
Data Type: String
Field ID: streetAddress
Field Display: streetAddress
Data Type: String
Field ID: telephoneNumber
Field Display: Telephone Number
Data Type: String
Field ID: mobile
Field Display: Mobile
Data Type: String
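The following added example (not Alemba's code and not part of the original page) shows how the "All" query settings (Nested Objects, Next Page Property) and slash-separated Field IDs such as manager/displayName relate to a Microsoft Graph response, and why each record must be mapped from scratch so that empty values are not carried over from the previous record. The fetch function, sample pages and the subset of Field IDs are assumptions made for illustration.

```python
# Added example, not Alemba's code. Pages below are constructed sample data;
# fetch() is a hypothetical stand-in for an authenticated GET against Graph.
NESTED_OBJECTS = "value"                  # "Nested Objects" setting
NEXT_PAGE_PROPERTY = "@odata.nextLink"    # "Next Page Property" setting
FIELD_IDS = ["id", "displayName", "department", "accountEnabled",
             "manager/displayName", "manager/userPrincipalName"]

def resolve(record, field_id):
    """Walk a slash-separated Field ID; return None if any part is absent."""
    node = record
    for part in field_id.split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def pull_all(fetch, first_url):
    """Follow next-page links until none is returned, mapping every record."""
    rows, url, seen = [], first_url, set()
    while url:
        if url in seen:                   # guard against a repeating link
            raise RuntimeError("next-page link repeated: " + url)
        seen.add(url)
        page = fetch(url)
        for record in page.get(NESTED_OBJECTS, []):
            # Build each row from scratch so an empty or missing value is
            # stored as None and never inherits the previous record's value.
            rows.append({f: resolve(record, f) for f in FIELD_IDS})
        url = page.get(NEXT_PAGE_PROPERTY)
    return rows

SAMPLE_PAGES = {  # constructed sample responses, keyed by URL
    "v1.0/users?page=1": {
        "value": [{"id": "u1", "displayName": "Ada Example", "department": "IT",
                   "accountEnabled": True,
                   "manager": {"displayName": "Bo Example",
                               "userPrincipalName": "bo@example.test"}}],
        "@odata.nextLink": "v1.0/users?page=2"},
    "v1.0/users?page=2": {
        "value": [{"id": "u2", "displayName": "Cy Example", "department": None,
                   "accountEnabled": False}]},
}

if __name__ == "__main__":
    for row in pull_all(SAMPLE_PAGES.__getitem__, "v1.0/users?page=1"):
        print(row)
```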
Link Settings
This section is not applicable to the AD configuration. If you need more information about Link Settings, please contact Alemba Support for assistance.
Save your new Connector
Configure your Source
Navigate to System Admin>Integration>Sources
Click the Add icon to add a new source

Select the Connector you just defined. In this example we called it "Connector Builder Test", but yours will likely be some version of Entra ID_Azure AD, etc.

Complete the Source Properties.
Source Properties
URL: https://graph.microsoft.com
Test URL: v1.0/users
Manage Token:
Tokenname: YourClient Azure AD Token
Grant Type: client_credentials
Authorization URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/token
Client ID: Value from the Azure App Registration
Client Secret: The secret created for the App Registration
State: Any secret value, e.g. a complex password
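As an added example (not from the original page or from Alemba), the sketch below builds the client_credentials request for the Access Token URL above and audits the application permissions carried in a returned token's roles claim against the two permissions this page lists, so that over-granted or missing permissions are caught before the connector is scheduled. The scope value is the standard one for this grant against Microsoft Graph; the environment variable names and the unsigned sample token are assumptions constructed for offline use.

```python
import base64, json, os, urllib.parse, urllib.request

REQUIRED = {"User.Read.All", "Directory.Read.All"}  # permissions listed on this page

def build_token_request(tenant_id, client_id, client_secret):
    """Build (not send) the client-credentials POST for the Access Token URL."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,  # the secret value, not the secret ID
            "scope": "https://graph.microsoft.com/.default"}
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=body, method="POST")

def token_roles(access_token):
    """Read the 'roles' claim from the payload (diagnostic, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)     # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def audit_roles(access_token, required=REQUIRED):
    """Report required permissions that are absent and any granted beyond them."""
    roles = token_roles(access_token)
    return {"missing": sorted(required - roles), "extra": sorted(roles - required)}

def make_sample_token(roles):
    """Constructed, unsigned token so the audit can be shown offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    # Hypothetical variable names; keep the secret out of source control.
    req = build_token_request(os.environ.get("ENTRA_TENANT_ID", "TENANT-PLACEHOLDER"),
                              os.environ.get("ENTRA_CLIENT_ID", "CLIENT-PLACEHOLDER"),
                              os.environ.get("ENTRA_CLIENT_SECRET", "SECRET-PLACEHOLDER"))
    print(req.get_method(), req.full_url)
    sample = make_sample_token(["User.Read.All", "Directory.Read.All", "Mail.Read"])
    print(audit_roles(sample))
```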
