How can we help?

Integrating Azure AD into Auvik SaaS Management

Follow

Azure AD Integration Setup

When setting up Auvik SaaS Management, you may want to integrate into Azure AD for individual clients. This article details the steps required to integrate Azure AD into a single client.

Why Integrate with Azure AD?

The integration with Azure AD gives admins less administrative work

  • Allows admins to easily sync users and allows the platform to more easily identify and associate new apps/events to Azure AD Users.
  • Allows admins to run reports by groups or departments that exist within Azure AD
  • Generates a richer data set of new SaaS events and security logs tied to a user's Azure AD single-sign-on activity.

Creating the Application in your Azure Portal 

  1. Visit https://portal.azure.com/ and login to an administrator account for the tenant you are configuring. 
  2. Once authenticated, click the Search Box at the top of Azure.  
  3. Type “App Registrations” in this box, and the following option should  appear: Click this option. 
    C62CA2C9-F5F9-4BEE-AD3F-85FCCDE6A9B3_4_5005_c.jpeg

    Note:
    If this does not appear you may not have sufficient privileges.
  1. In the App Registrations dashboard, click the New Registration button (right under the header of the page) 
  2. Fill out the Register an Application Form:
    1. For the Name, input something that follows your organizations naming syntax and includes the name Saaslio (for some management later).
    2. For the Supported Account Types, select the option that meets your organization’s needs. In most cases it will either be:
      Default Directory – Single Tenant or Any Azure AD Directory – Multitenant 
    3. For the Redirect Url, leave this blank.
  3. Click the Register Button after filling out the form.

Adding the Permissions to your Azure Application 

  1. You will be redirected to your new app registration’s page. On the left-hand side of the page you will see a navigation menu. Select the  8CF40BBE-0922-4E11-A6F7-627CCA9ED88E_4_5005_c.jpegoption. You will be redirected to the API Permissions  page. 
  2. In the API Permissions page, click the + Add a Permission button. 
  3. On the right-hand side of the page, a new dialogue will prompt with the options to Request API Permissions. Select the Microsoft Graph API option. 
  4. You will then be requested to choose which type of access you are granting, Auvik SaaS Management requires “Application Permissions.” 
  5. You may use the search box to find the following permissions below. All of these Application permissions are required. 
    1. Directory.Read.All 
    2. Group.Read.All 
    3. Organization.Read.All 
    4. Team.ReadBasic.All 
    5. User.Read.All
    6. AuditLog.Read.All
  6. Once you’ve selected these permissions, click the Add Permissions button  at the bottom of the page. The sidebar dialogue will disappear and your new permission set should look like the following:
    D2C25A92-61BE-4930-929D-91A8B5098F19_4_5005_c.jpeg
  7. These app permissions will need to be approved by an Administrator. Click the Grant Admin consent for Default Directory or if you do not have  access, have your local administrator handle this action. 

Generating your Application Azure Certificate & Secret 

In the following steps you are generating a secret that is only visible once, be prepared to copy and store it somewhere secure.

  1. You will need to generate an application secret for the Auvik SaaS Management platform to have access to this application and new permissions. On the left-hand side navigation, click the 2B1DC2F3-BCF3-4A65-8719-545EEEF1F09D_4_5005_c.jpegmenu option.  
  2. Generate a new client secret by clicking the + New Client Secret. Button and name the secret something you will remember, and choose your expiration timeframe.

    Important: After creating your secret, copy it and store it in a secure stash  or a text note that will be deleted later, as it will become obfuscated after leaving this page. 

Setting your credentials in the Auvik SaaS Management Dashboard

  1. From the Partner Hub, click on Clients. Click on the Client you wish to set up the configuration for.
  2. Click on the Utilities navigation link under the Admin Hub links.
  3. Click on the ‘Configure AD Integration’ button. Once inside the configuration page, click the Enable Azure AD Integration radio button, and two new fields will appear. You will need to provide an Identity Application ID and an Application Secret
  4. First, Set the Tenant ID by copying it from the Directory Tenant ID in the Azure App Registrations interface, by clicking the Pencil Icon next to the Tenant ID in the Auvik SaaS Management interface. Save the Tenant ID before moving forward.
    azure_AD.png
  5. The Application ID can be found on the front page of your App Registration  dashboard:  
    DCA8B8BF-B39F-4211-AB0C-C38BBBEF3C28_4_5005_c.jpeg
  6. The Application Secret is the one you generated in steps 1 through steps  3. 
  7. After enabling your Azure AD integration, two new tabs Groups and Users should appear.

(Optional) Syncing your Office Azure AD Groups in the Auvik SaaS Management  Dashboard

  1. In your dashboard, click the Groups Tab. Inside this view, you will be able to click the Users Icon or the Refresh / Cancel Icon: 
    1. The Users Icon will show you a list of users in your platform and if  they exist in your system.  
    2. The Refresh / Cancel Icon will denote whether you are enabling sync  or not for this group.

      Note: These groups refresh every hour and on the first sync.
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request