
How to set up an app registration for Microsoft Graph synchronization only

App registration

To make requests to the Microsoft Graph API you need to register an app in the Azure Portal. To register an application:

  1. Go to Azure Portal https://portal.azure.com/#home

  2. Click on Azure Active Directory

  3. Select App registrations on the left manage panel

  4. Press New registration

  5. Type a name of your application, for example “passly app”

  6. Select Supported account types for an application

  7. Press Register button

Detailed information on how to register an app in the Azure Portal.

App Permissions

Azure AD assigns a unique application (client) ID to your app. You need to give permissions to your application. A daemon application can request only application permissions to APIs (not delegated permissions). On the API permissions page for the application registration, after you've selected Add a permission and chosen the API family (Microsoft Graph), choose Application permissions, and then select your permissions.

To enable sync you need to select the following application permissions:

  • Group > Group.ReadWrite.All

  • Domain > Domain.ReadWrite.All

  • User > User.ReadWrite.All

  • Directory > Directory.ReadWrite.All

Then press Grant admin consent so that the Status column of the permissions table shows “Granted for <domain_name>” for each permission.

Example: (screenshot of the API permissions page)
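A quick way to confirm that admin consent actually took effect is to look at the roles claim of an access token issued to the app registration: application permissions granted to a daemon app appear in the roles claim (delegated permissions would appear in scp instead, which is not what sync needs). The check below is an added example, not part of this article or of Passly; it only decodes the token payload and compares it against the four permissions listed above. The sample tokens are constructed in the script and are unsigned, so they stand in for a real Azure AD token only to show the comparison; the signature is never verified here, so this is a consent sanity check, not an authorization decision.

```python
import base64
import json

# Application permissions the article says are needed for sync.
REQUIRED_ROLES = {
    "Group.ReadWrite.All",
    "Domain.ReadWrite.All",
    "User.ReadWrite.All",
    "Directory.ReadWrite.All",
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWT encoding strips."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def token_roles(jwt: str) -> set:
    """Return the application permissions ("roles" claim) carried by a token.

    Only the payload is decoded; the signature is NOT checked, so use this to
    confirm consent was granted, never to authorize a request.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialized JWT")
    payload = json.loads(_b64url_decode(parts[1]))
    # A delegated token carries "scp" instead of "roles"; a daemon app must
    # see its permissions under "roles", so only that claim counts here.
    return set(payload.get("roles", []))


def missing_roles(jwt: str) -> set:
    """Permissions from REQUIRED_ROLES that the token does not carry."""
    return REQUIRED_ROLES - token_roles(jwt)


def _fake_token(payload: dict) -> str:
    """Build an unsigned token around a payload. Constructed sample only:
    a real Azure AD token is signed and carries many more claims."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed samples: full consent, partial consent, and a delegated-style token.
CONSENTED = _fake_token({
    "aud": "https://graph.microsoft.com",
    "appid": "<client-id placeholder>",
    "roles": sorted(REQUIRED_ROLES),
})
PARTIAL = _fake_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Group.ReadWrite.All", "Domain.ReadWrite.All", "User.ReadWrite.All"],
})
DELEGATED = _fake_token({
    "aud": "https://graph.microsoft.com",
    "scp": "User.ReadWrite.All Group.ReadWrite.All",
})

if __name__ == "__main__":
    for name, tok in (("consented", CONSENTED), ("partial", PARTIAL), ("delegated", DELEGATED)):
        gap = missing_roles(tok)
        print(f"{name}: {'OK' if not gap else 'missing ' + ', '.join(sorted(gap))}")
```

In practice you would paste the access token the Passly verification step obtained (or one you requested with the client credentials flow) in place of the constructed samples; an empty result from missing_roles means every permission in the table was consented to.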

Roles And Administrators

The app registration must be a member of the Global Administrator role to be able to federate a domain. On the Azure Portal > Azure Active Directory > Roles and administrators page, search for the Global Administrator role.


Select that role and click on Add assignments. Search for your app registration name “passly app”, select it and press Add.

App Certificate

As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.

To get a certificate go to Passly SSO Manager > Application Library > Your Office 365 application > Signing and Encryption.

There should be a valid signing certificate. Press the download button to save it locally.


To upload a certificate to your Azure app registration:

  1. Select Certificates & secrets > Certificates > Upload certificate

  2. Select a previously downloaded certificate

  3. Add a description

  4. Press Add

You can check the thumbprint of the uploaded certificate; it should match the one shown on the Passly tab.

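The thumbprint Azure shows for an uploaded certificate is the SHA-1 hash of the certificate's DER encoding, displayed as uppercase hex. The script below, an added example that is not part of this article or of Passly, computes that value from the file you downloaded (PEM or DER) and compares it with the thumbprint copied from the portal, tolerating the colon-separated or lowercase forms some tools print. The certificate bytes used in the script are a constructed placeholder, not a real certificate, since the hash computation does not depend on the content being a valid X.509 structure.

```python
import base64
import hashlib
import re

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def certificate_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate given PEM or DER input."""
    match = _PEM_BLOCK.search(data.decode("ascii", errors="ignore"))
    if match:
        # PEM is base64 DER wrapped in header/footer lines.
        return base64.b64decode("".join(match.group(1).split()))
    return data  # already DER


def thumbprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, uppercase hex (the form the portal shows)."""
    return hashlib.sha1(certificate_der(data)).hexdigest().upper()


def normalize(portal_value: str) -> str:
    """Strip separators and case so 'ab:cd:..' compares equal to 'ABCD..'."""
    return re.sub(r"[^0-9A-Fa-f]", "", portal_value).upper()


def thumbprints_match(local_cert: bytes, portal_value: str) -> bool:
    """True when the downloaded certificate hashes to the portal's thumbprint."""
    return thumbprint(local_cert) == normalize(portal_value)


def load_and_compare(path: str, portal_value: str) -> bool:
    """Read a downloaded certificate file and compare it against the portal."""
    with open(path, "rb") as fh:
        return thumbprints_match(fh.read(), portal_value)


# Constructed placeholder bytes standing in for a real DER certificate.
SAMPLE_DER = bytes(range(64))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\n-----END CERTIFICATE-----\n"
).encode()

if __name__ == "__main__":
    print("DER thumbprint:", thumbprint(SAMPLE_DER))
    print("PEM thumbprint:", thumbprint(SAMPLE_PEM))
```

Replace SAMPLE_PEM with the contents of the file downloaded from Passly (load_and_compare takes a path) and pass the thumbprint string from Certificates & secrets as the second argument; a mismatch usually means a different or re-issued certificate was uploaded than the one Passly will sign with.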

Detailed information on how to grant permissions and add a certificate.

Passly setup

To use Microsoft Graph Federation go to SSO Manager > Application Library > Your Office 365 application.

Select Microsoft Graph option for federation.

You need to fill in the following settings:

  • Client ID - registered Azure Portal application id

  • Tenant ID - Azure AD tenant id

  • Domain - domain to federate

To verify the settings, press the Verify button.
