# Microsoft Entra ID (Azure Active Directory) - Connector Builder

## Connector Information

Microsoft Entra ID (Azure Active Directory) is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure.

ASM can connect via the Alemba Connector Builder. The pull of information is controlled by the scheduling option within the System and the security set by your Azure Administrators.

{% hint style="warning" %}
**Authentication and Security**

In the Application Registration (for the Microsoft Graph Security), ensure that the following application permissions are configured:

* User.Read.All
* Directory.Read.All

{% endhint %}
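
An app-only token issued by the client-credentials flow lists its granted application permissions in the `roles` claim, so decoding it shows whether the App Registration matches the two permissions above. This is an added example, not Alemba or Microsoft code; the token is a constructed, unsigned sample, the function names are hypothetical, and the signature is not verified (inspection only).

```python
import base64
import json

# Application permissions this page asks for (from the hint above).
EXPECTED_ROLES = {"User.Read.All", "Directory.Read.All"}


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_token_roles(jwt: str, expected=EXPECTED_ROLES) -> dict:
    """Compare the 'roles' claim of an app-only token with the expected set.

    Inspection only: the signature is NOT verified here.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    claims = json.loads(b64url_decode(parts[1]))
    granted = set(claims.get("roles", []))
    return {
        "missing": sorted(expected - granted),  # connector queries may fail
        "excess": sorted(granted - expected),   # broader than this page requires
    }


def make_sample_token(roles) -> str:
    # Constructed, unsigned sample token for the demo (placeholder signature).
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    token = make_sample_token(["User.Read.All", "Directory.Read.All", "Mail.Read"])
    print(audit_token_roles(token))
```
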

## Prerequisites

You must have at least ASM 10.6.5 installed with the connector builder functionality.

<figure><img src="/files/jF0SK8svjuPuY6zCdMyv" alt=""><figcaption></figcaption></figure>

## System Access Requirement

* Application ID
* Client Secret value (not the client secret ID)
* Client\_Credentials Access is required

## Helpful Links

{% embed url="<https://graph.microsoft.com/v1.0/$metadata#users/$entity>" %}

{% embed url="<https://developer.microsoft.com/en-us/graph/graph-explorer>" %}

{% hint style="info" %}
**Known Issue:** Incorrect Data is populated in ASM from Azure AD when using the Connector Builder

**Root Cause:** Enabling "***Display Cached Resource Properties in Search Results***" in the integration settings can cause issues where the cached values are not cleared when a value on the next record is empty or null.

<img src="/files/Ohca3l0dqlAzgmQ7x0t3" alt="" data-size="original">

**Fix:** Disable "Display Cached Resource Properties in Search Results" in the integration settings.

{% endhint %}

## Configuring the Connector Builder for Entra ID/Azure Active Directory

Below are examples of the parameters to populate in the Connector Builder for the Entra ID/Azure Active Directory mapping.

1. Access the Connector Builder: System Admin>Integration>Connector Builder
2. Click "Add Connector" to add a new connector
3. Enter the details (See sections below for details and examples)
   1. **Connector Builder Name:** Microsoft Entra ID
   2. **Authentication Type:** OAuth

<figure><img src="/files/0jub4japRjF2wudKefmB" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/W90og2yzIt5NGdqcvkAZ" alt=""><figcaption></figcaption></figure>

4. Configure Resource Settings, click the "+" to add a Resource

<figure><img src="/files/buYbXVcpL1sDA6PKlioY" alt=""><figcaption></figcaption></figure>

5. Click the "New Resource" Link to expand and enter the details

   <figure><img src="/files/HEtwX2bCFAiu8uHFqwXI" alt=""><figcaption></figcaption></figure>

   <figure><img src="/files/GFsWXmXjxPHOzJ8SRvvo" alt=""><figcaption></figcaption></figure>

   1. **Resource Display Name:** User
   2. **Resource Id:** user\_1
   3. **Resource Category:** Person
   4. **Resource Description:** User in Microsoft Entra
6. Complete the queries as follows:

<figure><img src="/files/1R6TM416hfaqk2tJQmp4" alt=""><figcaption></figcaption></figure>

<details>

<summary>All</summary>

<img src="/files/Sr6HRYcgxITnwubfcTcw" alt="" data-size="original">

**Query:** All

**URL:** v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)

**Nested Objects:** value

**Paged?** True

**Starting Page No:** 0

**Page Size:** 100

**Next Page Property:** @odata.nextLink

</details>

<details>

<summary>Search</summary>

<img src="/files/sG2f5Q1rjcuUX3NK60st" alt="" data-size="original">

**Query:** Search

**URL:** v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)&$filter=startswith(displayName,'@SEARCHTEXT')

**Nested Objects:** value

**Paged?** False

</details>

<details>

<summary>Retrieve</summary>

<img src="/files/yEuGPgpPTVHjyypEgLkm" alt="" data-size="original">

**Query:** Retrieve

**URL:** v1.0/users/@UNIQUEID?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)

**Nested Objects:**

**Paged?** False

</details>

7. Complete the Resource Details

<figure><img src="/files/qtAFQmKpBZ397DMclmrF" alt=""><figcaption></figcaption></figure>

<details>

<summary>Resource Unique Identifier Field</summary>

**Field ID:** id

**Data Type:** String

</details>

<details>

<summary>Resource Display Field</summary>

**Field ID:** DisplayName

**Data Type:** String

</details>

<details>

<summary>Resource Last Modified Field</summary>

**Field ID:** createdDateTime

**Data Type:** String

</details>

8. Setup fields, Click the "New Fieldset" link

<figure><img src="/files/ua12u5FvX7mNB8TDc8SO" alt=""><figcaption></figcaption></figure>

<details>

<summary>Fieldsets Details</summary>

**Fieldset id:** User Details

**Type:** <mark style="color:red;">Mapped</mark>

{% hint style="danger" %}
Set the fieldset type for the **User** type to "Mapped" instead of "Relative" (the default value). This ensures the cached values are not retained during the scan.
{% endhint %}

</details>

9. Add fields to the fieldset, Click the "+" to add a new Field

<figure><img src="/files/QpmsL1MUVdwaeC2DdtT2" alt=""><figcaption></figcaption></figure>

10. Click the "+" to repeat and add a new row for all fields you need to add to this fieldset

<figure><img src="/files/oJvFPiB31fwKEPMmx7zT" alt=""><figcaption></figcaption></figure>

<details>

<summary>Fields Details</summary>

#### Field ID: id

Field Display: ID

Data Type: String

#### Field ID: displayName

Field Display: Display

Data Type: String

#### Field ID: createdDateTime

Field Display: Created

Data Type: String

#### Field ID: givenName

Field Display: Given Name

Data Type: String

#### Field ID: department

Field Display: Department

Data Type: String

#### Field ID: surname

Field Display: Surname

Data Type: String

#### Field ID: city

Field Display: City

Data Type: String

#### Field ID: userType

Field Display: User Type

Data Type: String

#### Field ID: jobtitle

Field Display: Job Title

Data Type: String

#### Field ID: mail

Field Display: Email

Data Type: String

#### Field ID: mobilePhone

Field Display: Mobile Phone

Data Type: String

#### Field ID: officeLocation

Field Display: Office Location

Data Type: String

#### Field ID: postalCode

Field Display: Postal Code

Data Type: String

#### Field ID: accountEnabled

Field Display: Account Enabled

Data Type: Boolean

#### Field ID: streetAddress

Field Display: Street Address

Data Type: String

#### Field ID: state

Field Display: State

Data Type: String

#### Field ID: userPrincipalName

Field Display: User Principal Name

Data Type: String

#### Field ID: Manager/id

Field Display: Manager ID

Data Type: String

#### Field ID: manager/displayName

Field Display: Manager Display Name

Data Type: String

#### Field ID: manager/userPrincipalName

Field Display: Manager User Principal Name

Data Type: String

#### Field ID: CompanyName

Field Display: CompanyName

Data Type: String

#### Field ID: streetAddress

Field Display: streetAddress

Data Type: String

#### Field ID: telephoneNumber

Field Display: Telephone Number

Data Type: String

#### Field ID: mobile

Field Display: Mobile

Data Type: String

</details>

{% hint style="info" %}
**Link Settings**

This section is not applicable to the AD configuration.  If you need more information about Link Settings, please contact Alemba Support for assistance.
{% endhint %}

11. Save your new Connector
12. Configure your Source
    1. Navigate to System Admin>Integration>Sources
    2. Click the Add icon to add a new source ![](/files/tfdzEQnC5mCgFdLWWuS1)
    3. Select the Connector you just defined. In this example we called it "Connector Builder Test", but yours will likely be some version of *Entra ID\_Azure AD*.

<figure><img src="/files/n3WRGsRZg7SIBRZtIdhr" alt=""><figcaption></figcaption></figure>

13. Complete the Source Properties.

<details>

<summary>Source Properties</summary>

**URL:** <https://graph.microsoft.com>

**Test URL:** v1.0/users

**Manage Token**:

* Tokenname: YourClient Azure AD Token
* Grant Type: client\_credentials
* Call back URL: <https://yourclienturl.alembacloud.com/production/oauth2callback.htm>
* Authorization URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/authorize
* Access Token URL: https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/token
* Client ID: Value from the Azure App Registration
* Client Secret: The secret created for the App Registration
* Scope: <https://graph.microsoft.com/.default>
* State: Any secret value, e.g. a complex password

</details>

14. [Map Your Fields Under **Resources**](https://docs.alemba.com/asm/integrate/managing-integration/selecting-fields-for-mapping)
15. [Set up the integration's **scheduled scan**](https://docs.alemba.com/asm/integrate/managing-integration/managing-the-federated-cmdb/managing-scheduled-integration-scans)
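
The paging settings of the **All** query (Nested Objects `value`, Next Page Property `@odata.nextLink`) describe the loop below. This is an added example, not ASM's own implementation; `get_json` is a hypothetical HTTP layer, the `$select` list is shortened, the responses are constructed samples, and the host check (never following a next link off the Source URL host, where the bearer token would go with it) is an assumption about good practice rather than documented ASM behaviour.

```python
from urllib.parse import urlsplit

SOURCE_URL = "https://graph.microsoft.com"  # Source Properties: URL
ALL_QUERY = ("v1.0/users?$select=id,displayName,userPrincipalName,accountEnabled"
             "&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)")
FIRST = f"{SOURCE_URL}/{ALL_QUERY}"


def fetch_all_users(get_json, first_url=FIRST, max_pages=1000):
    """Follow @odata.nextLink until it is absent, collecting each page's 'value'.

    get_json(url) -> dict is the HTTP layer (hypothetical; it would attach the
    bearer token). Links are followed only on the pinned https host.
    """
    pinned = urlsplit(SOURCE_URL)
    users, url, seen = [], first_url, set()
    for _ in range(max_pages):
        target = urlsplit(url)
        if (target.scheme, target.netloc) != (pinned.scheme, pinned.netloc):
            raise ValueError(f"refusing to follow link off {pinned.netloc}: {url}")
        if url in seen:
            raise ValueError("paging loop: nextLink repeated")
        seen.add(url)
        page = get_json(url)
        users.extend(page.get("value", []))   # Nested Objects: value
        url = page.get("@odata.nextLink")     # Next Page Property
        if not url:
            return users
    raise RuntimeError("max_pages exceeded")


# Constructed sample responses standing in for Graph (not real tenant data).
NEXT = f"{SOURCE_URL}/v1.0/users?$skiptoken=CONSTRUCTED"
SAMPLE_PAGES = {
    FIRST: {"value": [{"id": "1", "displayName": "Ada", "manager": {"id": "9"}}],
            "@odata.nextLink": NEXT},
    NEXT: {"value": [{"id": "2", "displayName": "Bo", "accountEnabled": False}]},
}

if __name__ == "__main__":
    print([u["id"] for u in fetch_all_users(SAMPLE_PAGES.__getitem__)])
```
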

