English (US) Deutsch

Marketplace

See more

User management with Azure AD

Avatar
Steven Yorke
Follow

To synchronize your users from Azure AD to Beekeeper, follow the steps below.

Add an app in the Microsoft portal

  1. Go to https://apps.dev.microsoft.com/
  2. Click on Add an app
  3. Give the app a name, e.g. “Beekeeper User Sync” app and uncheck “Let us help you get started"
  4. Copy and store the generated password
  5. Copy and store the Application ID shown on the page
  6. Change the permissions to have no delegated permissions and the grant the “User.Read.All” application permission
  7. Click Save
  8. Click Edit Application Manifest
  9. Replace the value of the “oauth2Permissions” attribute with the code below (you can edit the consent descriptions to your preferences):
"oauth2Permissions": [
    {
        "id": "974c519c-e5c1-424b-ac8d-4bb632f455ec",
        "isEnabled": true,
        "lang": null,
        "type": "User",
        "value": "access_as_user",
        "adminConsentDescription": "Allow the Beeekeper user sync application to access all user directory information.",
        "adminConsentDisplayName": "Beekeeper User Sync (Admin)",
        "userConsentDescription": "Allow the Beekeeper user sync application to access your information.",
        "userConsentDisplayName": "Beekeeper User Sync (You)"
    }
],

Consent for access

  1. Go to https://login.microsoftonline.com/<YOUR_AD_DOMAIN>/adminconsent?client_id=<APPLICATION_ID> replacing <YOUR_AD_DOMAIN> with your Azure AD domain (e.g. beekeeper.io) and <APPLICATION_ID> with the application ID from step 5 in the previous section.
  2. Consent to the access: the response appears in a dialogue box, but you can set up a redirect in the manifest to go directly to the app.

Setting up a redirect

  1. To set up a redirect there are two values to set, both at the root level of the manifest: “replyUrls” and “signInUrl”. If we wanted, we could set up a dedicated redirect page that says something like: “Yay it worked, you’re all set!”. Or we could just redirect to our home page, as in this example:

    "replyUrls": [
        "https://beekeeper.io"
    ],
    "signInUrl": "https://beekeeper.io"

  2. Request a secure box.beekeeper.io link from your CSM/CSE to share the Application ID, Password and the AD Domain with them to configure the user sync application. Do NOT share this information via EMail.

Related articles

Comments

0 comments

Please sign in to leave a comment.