# Microsoft Entra ID (Azure Active Directory) - Connector Builder ## Connector Information Microsoft Entra ID (Azure Active Directory) is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure. ASM can connect via the Alemba Connector builder. The pull of information is controlled by the scheduling option within the System and the security set by your Azure Administrators. {% hint style="warning" %} **Authentication and Security** In the Application Registration (for the Microsoft Graph Security), ensure you have application Permissions configured with: * User.Read.All * Directory.Read.All {% endhint %} ## Prerequisites You must have at least ASM 10.6.5 installed with the connector builder functionality.

## System Access Requirement * Application ID * Client Secret value (not the client secret ID) * Client\_Credentials Access is required ## Helpful Links {% embed url="" %} {% embed url="" %} {% hint style="info" %} **Known Issue:** Incorrect Data is populated in ASM from Azure AD when using the Connector Builder **Root Cause:** Enabling "***Display Cached Resource Properties in Search Results***" in the integration settings can cause issues where the cached values are not cleared when a value on the next record is empty or null.

**Fix:** Disable "Display Cached Resource Properties in Search Results" in the integration settings. {% endhint %} ## Configuring the Connector Builder for Entra ID/Azure Active Directory Below are examples of the parameters you will want to populate in the connector builder for the Entra ID Azure Active Directory mapping. 1. Access the Connector Builder: System Admin>Integration>Connector Builder 2. Click "Add Connector" to add a new connector 3. Enter the details (See sections below for details and examples) 1. **Connector Builder Name:** Microsoft Entra ID 2. **Authentication Type:** OAuth

4. Configure Resource Settings, click the "+" to add a Resource

5. Click the "New Resource" Link to expand and enter the details

1. **Resource Display Name:** User 2. **Resource Id:** user\_1 3. **Resource Category:** Person 4. **Resource Description:** User in Microsoft Entra 6. Complete the queries as follows:

All

**Query:** All **URL:** v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled &$expand=manager($levels=1;$select=id,displayName,userPrincipalName) **Nested Objects:** value **Paged?** True **Starting Page No:** 0 **Page Size:** 100 **Next Page Property:** @odata.nextLink

**Query:** Search **URL:** v1.0/users?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName)&$filter=startswith(displayName,'@SEARCHTEXT') **Nested Objects:** value **Paged?** False

Retrieve

**Query:** Retrieve URL:v1.0/users/@UNIQUEID?$select=id,createdDateTime,displayName,givenName,department,companyName,streetAddress,surname,city,userType,jobTitle,mail,mobilePhone,officeLocation,postalCode,streetAddress,state,userPrincipalName,accountEnabled&$expand=manager($levels=1;$select=id,displayName,userPrincipalName) **Nested Objects Paged?** False

7. Complete the Resource Details

Resource Unique Identifier Field

**Field ID:** id **Data Type:** String

Resource Display Field

**Field ID:** DisplayName **Data Type:** String

Resource Last Modified Field

**Field ID:** createdDateTime **Data Type:** String

8. Setup fields, Click the "New Fieldset" link

Fieldsets Details

**Fieldset id:** User Details **Type:** Mapped\*\* {% hint style="danger" %} Set the field set type for the **User** type to be "Mapped" instead of "Relative" (the default value). This will ensure the cached values are not retained during the scan. {% endhint %}

9. Add fields to the fieldset, Click the "+" to add a new Field

10. Click the "+" to repeat and add a new row for all fields you need to add to this fieldset

Fields Details

#### Field ID: id Field Display: ID Data Type: String #### Field ID: displayName Field Display: Display Data Type: String #### Field ID: createdDateTime Field Display: Created Data Type: String #### Field ID: givenName Field Display: Given Name Data Type: String #### Field ID: department Field Display: Department Data Type: String #### Field ID: surname Field Display: Surname Data Type: String #### Field ID: city Field Display: City Data Type: String #### Field ID: userType Field Display: User Type Data Type: String #### Field ID: jobtitle Field Display: Job Tilte Data Type: String #### Field ID: mail Field Display: Email Data Type: String #### Field ID: mobilePhone Field Display: Mobile Phone Data Type: String #### Field ID: officeLocation Field Display: Office Location Data Type: String #### Field ID: postalCode Field Display: Postal Code Data Type: String #### Field ID: accountEnabled Field Display: Account Enabled Data Type: Boolean #### Field ID: streetAddress Field Display: Street Address Data Type: String #### Field ID: state Field Display: State Data Type: String #### Field ID: userPrincipalName Field Display: User Principal Name Data Type: String #### Field ID: Manager/id Field Display: Manager ID Data Type: String #### Field ID: manager/displayName Field Display: Manager Display Name Data Type: String #### Field ID: manger/userPrincipalName Field Display: Manager User Principal Name Data Type: String #### Field ID: CompanyName Field Display: CompanyName Data Type: String #### Field ID: streetAddress Field Display: streetAddress Data Type: String #### Field ID: telephoneNumber Field Display: Telephone Number Data Type: String #### Field ID: mobile Field Display: Mobile Data Type: String

{% hint style="info" %} **Link Settings** This section is not applicable to the AD configuration. If you need more information about Link Settings, please contact Alemba Support for assistance. {% endhint %} 11. Save your new Connector 12. Configure your Source 1. Navigate to System Admin>Integration>Sources 2. Click the Add icon to add a new source ![](https://1375663122-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhlW9jKl7dcDggHAPhNU9%2Fuploads%2FEwD9fFENFjVyi9jvkuPs%2Fimage.png?alt=media\&token=27c2d5ed-56bd-479d-9afe-c31db3f0ab59) 3. Select the Connector you just defined, in this example we called it "Connector Builder Test", but yours will likely be some version of *Entra ID\_Azure AD*, etc...

13. Complete the Source Properties.

Source Properties

**URL:** ; **Test URL:** v1.0/users **Manage Token**: * Tokenname: YourClient Azure AD Token * Grant Type: client\_credentials * Call back URL:  * Authorization URL: [https://login.microsoftonline.com/{Azure ](https://login.microsoftonline.com/%7BAzure)Tenant ID}/oauth2/v2.0/authorize * Access Token URL: [https://login.microsoftonline.com/{Azure ](https://login.microsoftonline.com/%7BAzure)Tenant ID}/oauth2/v2.0/token * Client ID: Value from the Azure App Registration * Client Secret: The secret created for the App Registration * Scope:  * State: Any secret value E.g. A complex password

14. [Map Your Fields Under **Resources** ](https://docs.alemba.com/asm/integrate/managing-integration/selecting-fields-for-mapping) 15. [Set up the integration's **scheduled scan**](https://docs.alemba.com/asm/integrate/managing-integration/managing-the-federated-cmdb/managing-scheduled-integration-scans)