To synchronize your users from Azure AD to Beekeeper, follow the steps below.
Add an App in the Microsoft Portal
1.) Go to your Azure Active Directory Portal for App Registrations.
2.) Click on + New registration.
3.) Give the app a name, e.g. “Beekeeper User Sync” app. Leave Supported account types as Accounts in this organizational directory only (Default Directory only - Single tenant).
[NOTE: While Redirect URI is labeled as optional, please input a URL, as it will matter later in the login process. A generic homepage or login success page will do.]
4.) Once generated, you should see the resulting app Overview page. Take note of the Application (client) ID and the Directory (tenant) ID.
Configure App API Permissions
1.) Navigate to the API Permissions page and delete the delegated User.Read permission by selecting it and clicking Remove permission.
2.) Add a new permission and choose Microsoft Graph which should be the first tile under Commonly used Microsoft APIs.
3.) Select the Application permissions configuration.
4.) From the list of drop-down options, select User.Read.All and Directory.Read.All. These permissions allow Beekeeper to properly configure and migrate Users and Groups.
5.) After selecting Add permissions, wait while the portal shows Preparing for consent. Once available, grant admin access to these permissions by selecting Grant admin consent for Default Directory.
6.) This will prompt a new window to pop up. Proceed through the authorization steps to fully grant permissions.
Add Beekeeper to App Manifest
1.) Navigate to the Manifest page in the menu under Manage.
2.) Find the "oauth2Permissions" property in the manifest (it should be set to []).
3.) Replace the "oauth2Permissions" property with the following:
"oauth2Permissions": [
    {
        "id": "974c519c-e5c1-424b-ac8d-4bb632f455ec",
        "isEnabled": true,
        "lang": null,
        "type": "User",
        "value": "access_as_user",
        "adminConsentDescription": "Allow the Beekeeper user sync application to access all user directory information.",
        "adminConsentDisplayName": "Beekeeper User Sync (Admin)",
        "userConsentDescription": "Allow the Beekeeper user sync application to access your information.",
        "userConsentDisplayName": "Beekeeper User Sync (You)"
    }
],
4.) Click Save in the upper left hand corner to save the configuration.
Generate App Secret
1.) Navigate to the Certificates & Secrets page and generate a secret by clicking + New client secret.
2.) Give the secret a name and set Expires to Never.
3.) IMPORTANT: Copy and save the secret value as this is the only time you have access to it. This secret is crucial for seamless integration between Azure AD and Beekeeper.
Consent For Access
1.) Navigate to the following URL, replacing <YOUR_AD_DOMAIN> with your Directory (tenant) ID and <APPLICATION_ID> with your Application (client) ID, both taken from the Overview page.
https://login.microsoftonline.com/<YOUR_AD_DOMAIN>/adminconsent?client_id=<APPLICATION_ID>
2.) Follow the authorization steps to fully grant permissions.
[NOTE: A successful approval should leave you at the Redirect URI that you entered when generating the App.]
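Before handing the credentials over, it is worth confirming that the registration and the admin consent above actually produced an app-only Graph token with the two permissions granted. The following added example (not Beekeeper's code) builds the client-credentials token request and inspects the claims of a returned access token; the tenant ID, client ID and the sample token it is tested with are constructed values.

```python
import base64
import json
from urllib.parse import urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# Application permissions the guide grants; they must show up in the token's "roles".
REQUIRED_ROLES = {"User.Read.All", "Directory.Read.All"}


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials POST that trades the app secret for a Graph token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": GRAPH_SCOPE})
    return url, body


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_token_claims(access_token, tenant_id, client_id):
    """Return the problems found in the token payload (empty list means OK).
    The signature is not verified here (Graph does that on every call); this only
    confirms that the registration and admin consent produced the expected token."""
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    problems = []
    if payload.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    if payload.get("appid") != client_id:
        problems.append("appid does not match the Application (client) ID")
    # Without admin consent there is no "roles" claim and Graph answers 403.
    missing = REQUIRED_ROLES - set(payload.get("roles", []))
    if missing:
        problems.append("missing application permissions: " + ", ".join(sorted(missing)))
    # The guide removes the delegated User.Read grant; an "scp" claim would mean a
    # user-delegated token was issued instead of an app-only one.
    if "scp" in payload:
        problems.append("token carries delegated scopes (scp); expected app-only token")
    return problems


def make_sample_token(claims):
    """Constructed JWT for offline testing only; the signature segment is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"
```

Send the request returned by token_request with any HTTP client, then pass the access_token from the JSON response to check_token_claims; an empty list means the app is ready for the user sync.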
Final Steps
Request a secure Box link from your CSM/CSE to share the following credentials to configure the user sync application.
IMPORTANT: Do NOT share this information via email.
- Application ID
- Directory ID
- Secret
- AD Domain
For any questions, comments, or concerns please reach out to technical.support@beekeeper.io