Office 365 Application: Use Microsoft Graph for Synchronization

App registration

To make requests using the Microsoft Graph API, you need to register an app in Azure Portal. To register an application:

  1. Go to Azure Portal https://portal.azure.com/#home

  2. Click on Azure Active Directory

  3. Select App registrations in the Manage panel on the left

  4. Press New registration

  5. Type a name for your application, for example “passly app”

  6. Select Supported account types for an application

  7. Press the Register button

Detailed info on how to register an app in Azure Portal.

App Permissions

Azure AD assigns a unique application (client) ID to your app. You need to give permissions to your application. A daemon application can request only application permissions to APIs (not delegated permissions). On the API permissions page for the application registration, after you've selected Add a permission and chosen the API family (Microsoft Graph), choose Application permissions, and then select your permissions.

To enable sync you need to select:

  • Group > Group.ReadWrite.All

  • Domain > Domain.ReadWrite.All

  • User > User.ReadWrite.All

  • Directory > Directory.ReadWrite.All

Then press Grant admin consent so that the Status column of the permissions table shows “Granted for <domain_name>”.


App Certificate

As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.

To get a certificate, go to Passly SSO Manager > Application Library > Your Office 365 application > Signing and Encryption.

There should be a valid signing certificate. Press the download button to save it locally.


To upload a certificate to your Azure app registration:

  1. Select Certificates & secrets > Certificates > Upload certificate

  2. Select the previously downloaded certificate

  3. Add a description

  4. Press Add

After the upload, check that the thumbprint Azure shows for the certificate is equal to the one shown on the Passly tab.
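One way to run the same comparison against the downloaded file itself, as an added example (not Passly's or Microsoft's code). Azure displays the thumbprint as the hex SHA-1 hash of the certificate's DER encoding; that the Passly tab uses the same form is an assumption, and the function names and SAMPLE_PEM are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def der_bytes(raw: bytes) -> bytes:
    """Return the DER encoding from a PEM-armored or raw DER certificate file."""
    match = PEM_RE.search(raw)
    if match is None:
        return raw  # no PEM armor: assume the file is already binary DER
    body = b"".join(match.group(1).split())  # drop line breaks before decoding
    return base64.b64decode(body, validate=True)

def thumbprint(raw: bytes) -> str:
    """SHA-1 over the DER bytes, as uppercase hex."""
    return hashlib.sha1(der_bytes(raw)).hexdigest().upper()

def normalize(shown: str) -> str:
    """Drop colons, spaces and invisible copy-paste characters; fold case."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", shown).upper()
    if len(cleaned) != 40:
        raise ValueError("a SHA-1 thumbprint is 40 hex digits")
    return cleaned

def matches(raw: bytes, shown: str) -> bool:
    """True when the file's thumbprint equals the one copied from the portal."""
    return hmac.compare_digest(thumbprint(raw), normalize(shown))

# Constructed stand-in, not a real certificate: the body decodes to the three
# bytes b"abc". The hashing path is the same one a real file takes.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Usage: python check_thumbprint.py <certificate file> <thumbprint shown>
    if len(sys.argv) != 3:
        sys.exit("usage: check_thumbprint.py <certificate file> <thumbprint>")
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    ok = matches(data, sys.argv[2])
    print(thumbprint(data), "MATCH" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

A mismatch means the file uploaded to the app registration is not the signing certificate Passly holds, so re-download and re-upload it before continuing.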


Detailed information on how to grant permissions and add a certificate.

Passly setup

To use Microsoft Graph Federation, go to SSO Manager > Application Library > Your Office 365 application.

Select the Microsoft Graph option for federation.

You need to fill in the following settings:

  • Client ID - registered Azure Portal application id

  • Tenant ID - Azure AD tenant id

  • Domain - domain to federate

To verify the settings, press the Verify button.

 
