Situation – You want to integrate Azure Active Directory with EMP Cloud to sync your user base.
Solution – Following the steps outlined below will allow you to configure and integrate Azure Active Directory:
Azure Active Directory Sync
Please note:
Customers hosted on Office 365 may prefer to use Azure Active Directory to sync users and groups. This will allow you to import:
EMP Cloud only allows connection to one AD at a time. Multiple sources cannot be managed at this time.
Step 1: Creating The Custom Application In Azure
Permissions
Azure Active Directory Graph, listed under Supported Legacy APIs, can continue to work for existing setups. For new setups, or if your existing setup is on Azure AD Graph, you should use the Microsoft Graph API, which is listed at the top of the API permissions page. If your credentials stop working, or you get the error “Failed to connect. Please check your Azure Credential”, the app may still be pointed at the older legacy API (Azure Active Directory Graph). In this case you will need to set up the Microsoft Graph API.
Additionally, if you get the credentials error “We have come across a problem, and cannot continue. Please contact support quoting ‘code displayed here’ if this problem persists.”, create a new Azure app in the Azure admin area and then add its credentials into the portal under “Administration – User Management – Import & Sync – Azure Directory Sync”. Once entered, click Save. Sync can then be run without error.
End of life for the Azure Active Directory Graph is June 30th, 2022.
Key (Secret)
The secret will be displayed when you save the changes. Copy down the VALUE field, as you will NOT be able to retrieve it after leaving the page.
This key WILL EXPIRE at the end of the selected duration period. After that period, A NEW SECRET KEY must be generated.
In Azure AD, sign-in must be enabled on an account for it to be active and for mail to flow.
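As an added check for the two points above (an app still pointed at the legacy Azure AD Graph, and a client secret that has expired or is about to), here is a small Python audit script. It is not EMP Cloud's or Microsoft's code; it assumes you have the app registration's manifest JSON (as shown in the Azure portal's Manifest blade, or as returned by `az ad app show`), and the sample manifest, app ID and key names embedded in it are constructed. The two resource application IDs are Microsoft's well-known fixed identifiers for Azure AD Graph and Microsoft Graph.

```python
"""Audit an Azure AD app registration manifest for legacy Graph permissions
and expired or expiring client secrets.

Added example, not EMP Cloud's or Microsoft's code. The manifest shape
(requiredResourceAccess / passwordCredentials) matches what the Azure
portal's Manifest blade and `az ad app show` return; the sample below is
constructed.
"""
import json
from datetime import datetime, timezone

# Well-known, fixed Microsoft resource application IDs.
LEGACY_AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Fixed "now" so the sample is deterministic; use datetime.now(timezone.utc) in practice.
REFERENCE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)

# Constructed sample manifest: both a legacy and a Microsoft Graph permission
# block, plus one expired, one expiring and one healthy secret. The appId and
# permission ids are placeholders, not real values.
SAMPLE_MANIFEST = json.dumps({
    "appId": "11111111-1111-1111-1111-111111111111",
    "displayName": "EMP Cloud AD Sync (sample)",
    "requiredResourceAccess": [
        {"resourceAppId": LEGACY_AAD_GRAPH_APP_ID,
         "resourceAccess": [{"id": "placeholder-legacy-permission", "type": "Role"}]},
        {"resourceAppId": MICROSOFT_GRAPH_APP_ID,
         "resourceAccess": [{"id": "placeholder-graph-permission", "type": "Role"}]},
    ],
    "passwordCredentials": [
        {"displayName": "old key", "endDateTime": "2022-06-30T00:00:00Z"},
        {"displayName": "current key", "endDateTime": "2024-03-11T00:00:00Z"},
        {"displayName": "fresh key", "endDateTime": "2025-03-01T00:00:00.1234567Z"},
    ],
})


def parse_graph_time(value: str) -> datetime:
    """Parse a Graph/manifest UTC timestamp. Graph may emit seven fractional
    digits, which datetime.fromisoformat rejects, so truncate to microseconds."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6]}"
    parsed = datetime.fromisoformat(value)
    return parsed.replace(tzinfo=timezone.utc) if parsed.tzinfo is None else parsed.astimezone(timezone.utc)


def secret_status(manifest: dict, now: datetime, warn_days: int = 30) -> list:
    """Classify every client secret as expired, expiring (within warn_days) or ok."""
    results = []
    for cred in manifest.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            state = "expired"
        elif days_left <= warn_days:
            state = "expiring"
        else:
            state = "ok"
        results.append({"name": cred.get("displayName", "<unnamed>"),
                        "end": end.isoformat(), "days_left": days_left, "state": state})
    return results


def audit(manifest_json: str, now: datetime, warn_days: int = 30) -> dict:
    """Return a summary of legacy-API usage and secret health, with human-readable findings."""
    manifest = json.loads(manifest_json)
    resource_ids = {r.get("resourceAppId") for r in manifest.get("requiredResourceAccess", [])}
    legacy = LEGACY_AAD_GRAPH_APP_ID in resource_ids
    ms_graph = MICROSOFT_GRAPH_APP_ID in resource_ids
    secrets = secret_status(manifest, now, warn_days)

    findings = []
    if legacy:
        findings.append("App still requests Azure AD Graph (legacy, retired June 30th, 2022); "
                        "move the permissions to Microsoft Graph.")
    if not ms_graph:
        findings.append("App requests no Microsoft Graph permissions; sync will not work on the current API.")
    for s in secrets:
        if s["state"] == "expired":
            findings.append(f"Secret '{s['name']}' expired on {s['end']}; generate a new one and update EMP Cloud.")
        elif s["state"] == "expiring":
            findings.append(f"Secret '{s['name']}' expires in {s['days_left']} days; rotate it before then.")
    return {"legacy_graph": legacy, "microsoft_graph": ms_graph, "secrets": secrets, "findings": findings}


if __name__ == "__main__":
    for line in audit(SAMPLE_MANIFEST, REFERENCE_NOW)["findings"]:
        print(line)
```

Run it against a real manifest by replacing `SAMPLE_MANIFEST` with the exported JSON and `REFERENCE_NOW` with `datetime.now(timezone.utc)`; an app that is healthy for this integration reports no legacy Graph entry, at least one Microsoft Graph entry, and every secret in the `ok` state.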
Step 2: Configuring Azure Within EMP Cloud Interface
After logging into your interface:
If no Tech Contact is defined in your EMP Cloud Dashboard (Administration – Account Management – Profile – Tech Contact), the system will eventually change the Azure Active Directory Sync Frequency back to the Never setting automatically.
A report called the Azure AD Summary report is sent daily and cannot be disabled. It is sent to confirm that the service is running and serves as a system audit. The only way to stop these reports is to set the sync frequency to Never.
7. Click Save at the bottom of the page. The page will refresh and a prompt will confirm that the settings have been saved.
Press Save Button
Do not press Search Now immediately. Ensure that all your settings have been saved first. After they have saved, proceed with the Manual Sync below.
Manual Sync
Once you complete the above steps, EMP Cloud will connect and sync data from your Office 365 environment based on the frequency you chose. You may want to execute a manual sync to validate the data being returned.
To perform an ad-hoc/manual Azure Active Directory sync:
The results of the sync will be organized into categories. Review the results and uncheck any changes you do not want to take effect.
The automatic sync does not allow for manual intervention, so make sure the preferences defined on the Azure Active Directory page are accurate.
If you try to manually sync and encounter an error, check out our article Azure AD Permissions Error.
How To Log In With A Microsoft Account
Prerequisites:
Logging In With Microsoft 365
Enabling this feature will direct all users (including administrators) to log in using their Microsoft account. If Microsoft is unavailable, users will be redirected to the EMP Cloud account login page and asked to log in with their EMP Cloud credentials.
If there is a problem with the Microsoft SSO, a custom parameter can be passed to utilize standard authorization.
Manual Login With Microsoft Account
We will continue to allow users to manually authenticate using their Microsoft account.