...
The following table describes all of the properties that you can specify for the configuration:
| Configuration Property | Type | Required | Description |
|---|---|---|---|
| authority | String | X | The authority base URL. It should be https://login.microsoftonline.com/common/ for a multitenant application (this is the URL for the Azure AD common endpoint, which enables users from any Azure AD tenant to sign in. For more information about the common endpoint, see this blog post.), or https://login.microsoftonline.com/ + [YOUR_TENANT_ID] |
| clientId | String | X | Azure Native Application ID; you can find it by selecting your Native App in Azure portal |
| redirectURI | String | X | Since usually the client app does not have an external service to redirect to, this URI is the standard placeholder for client apps; defaults to https://login.live.com/oauth20_desktop.srf |
| resourceURI | String | X | Azure AD Graph API service root; defaults to https://graph.windows.net |
| username | String | X | Your AD User username |
| password | String | X | Your AD User password |
| domain | String | X | Your Microsoft domain (e.g. mycompany.onmicrosoft.com) |
| tenantId | String | X | Azure Tenant ID |
| clientSecret | String | X | Client Secret value; you can find it under Certificates & Secrets |
| scopes | String | X | OpenID connect scopes; defaults to https://graph.microsoft.com/.default |
| userAttributesToGet | String | X | List of user attributes to retrieve. Must contain at least id and userPrincipalName in order to make the search work. |
| groupAttributesToGet | String | X | List of group attributes to retrieve. Must contain at least id in order to make the search work. |
| restoreItems | Boolean | X | true if you want to restore items (users and groups) instead of creating new one |
Prerequisites
Obtaining an Azure AD account
...
The required authorization must be set for the following APIs:
- Microsoft Graph;Windows Azure Active Directory.
so, after creating the application, you'll need to select it and add a new permission for both those APIs that API in the Required permissions menu.
...
- In the Required permissions menu, click on Windows Azure Active Directory;In the Enable Access menu, select all permissions from Delegated Permissions and click on Microsoft Graph;
- Choose Delegated Permissions and add these permissions:
- APIConnectors.Read.All
- Directory.AccessAsUser.All
- PrivilegedAccess.ReadWrite.AzureAD
- profile
- User.Read
- Click Save;
- Finally, back to Required permissions menu, click on the Grant Permissions button.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
oauth2.authority=
oauth2.clientId=
oauth2.redirectURI=
oauth2.resourceURI=
oauth2.username=
oauth2.password=
oauth2.domain=
oauth2.tenantId=
oauth2.clientSecret=
oauth2.scopes=
oauth2.userAttributesToGet=
oauth2.groupAttributesToGet=
oauth2.restoreItems= |
In case you want to test license assignment you must add the following properties:
...