Azure AD Integration Setup
When setting up Auvik SaaS Management, you may want to integrate it into Azure AD for individual clients. This article details the steps required to integrate Azure AD into a single client.
Creating the Application in your Azure Portal
- Visit https://portal.azure.com/ and log in to an administrator account for the tenant you are configuring.
- Once authenticated, click the Search Box at the top of Azure.
- Type “App Registrations” in this box, and the matching option should appear. Click this option.
Note: If this does not appear you may not have sufficient privileges.
- In the App Registrations dashboard, click the New Registration button (right under the header of the page).
- Fill out the Register an Application Form:
- For the Name, input something that follows your organization's naming convention and includes the name Saaslio (for some management later).
- For the Supported Account Types, select the option that meets your organization’s needs. In most cases it will be either:
Default Directory – Single Tenant or Any Azure AD Directory – Multitenant
- For the Redirect URI, leave this blank.
- Click the Register Button after filling out the form.
Adding the Permissions to your Azure Application
- You will be redirected to your new app registration’s page. On the left-hand side of the page you will see a navigation menu. Select the option. You will be redirected to the API Permissions page.
- In the API Permissions page, click the + Add a Permission button.
- On the right-hand side of the page, a new dialogue will prompt with the options to Request API Permissions. Select the Microsoft Graph API option.
- You will then be asked to choose which type of access you are granting. Auvik SaaS Management requires “Application Permissions.”
- You may use the search box to find the following permissions below. All of these Application permissions are required.
- Once you’ve selected these permissions, click the Add Permissions button at the bottom of the page. The sidebar dialogue will disappear and your new permission set should look like the following:
- These app permissions will need to be approved by an Administrator. Click the Grant Admin consent for Default Directory button or, if you do not have access, have your local administrator handle this action.
Generating your Application Azure Certificate & Secret
The following steps generate a secret that is visible only once; be prepared to copy it and store it somewhere secure.
- You will need to generate an application secret for the Auvik SaaS Management platform to have access to this application and new permissions. On the left-hand side navigation, click the menu option.
- Generate a new client secret by clicking the + New Client Secret button. Name the secret something you will remember, and choose your expiration timeframe.
Important: After creating your secret, copy it and store it in a secure stash or a text note that will be deleted later, as it will become obfuscated once you leave this page.
Setting your credentials in the Auvik SaaS Management Dashboard
- From the Partner Hub, click on Clients. Click on the Client you wish to set up the configuration for.
- Click on the Utilities navigation link under the Admin Hub links.
- Click on the ‘Configure AD Integration’ button. Once inside the configuration page, click the Enable Azure AD Integration radio button, and two new fields will appear. You will need to provide an Identity Application ID and an Application Secret.
- First, set the Tenant ID: click the Pencil Icon next to the Tenant ID in the Auvik SaaS Management interface and enter the Directory Tenant ID copied from the Azure App Registrations interface. Save the Tenant ID before moving forward.
- The Application ID can be found on the front page of your App Registration dashboard:
- The Application Secret is the one you generated in steps 1 through 3.
- After enabling your Azure AD integration, two new tabs, Groups and Users, should appear.
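A check you may want to run after enabling the integration, added here as an example that is not part of the original article or Auvik's own code: it decodes an app-only access token issued to the registration (without verifying the signature, so for diagnostics only) and compares its tid, appid and roles claims with the Tenant ID, Application ID and application permissions configured above. The IDs, permission names and sample token are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_app_token(jwt: str, tenant_id: str, app_id: str, required: set) -> dict:
    """Compare an app-only token's claims with the values set for the integration."""
    claims = decode_claims(jwt)
    granted = set(claims.get("roles", []))  # application permissions that received admin consent
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "app_ok": app_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(required - granted),  # required but not consented
        "extra": sorted(granted - required),    # consented but not required (least-privilege drift)
    }

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed values: placeholder IDs and illustrative (not real) permission names.
TENANT = "00000000-0000-0000-0000-000000000001"
APP = "00000000-0000-0000-0000-000000000002"
REQUIRED = {"Permission.A.All", "Permission.B.All"}  # replace with the permissions from the setup steps
SAMPLE = make_sample_token({
    "tid": TENANT,
    "appid": APP,
    "roles": ["Permission.A.All", "Permission.C.All"],
})

if __name__ == "__main__":
    print(audit_app_token(SAMPLE, TENANT, APP, REQUIRED))
```

A non-empty "missing" list usually means admin consent was not granted for every permission; a non-empty "extra" list means the registration holds more access than the integration needs.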
(Optional) Syncing your Office Azure AD Groups in the Auvik SaaS Management Dashboard
- In your dashboard, click the Groups Tab. Inside this view, you will be able to click the Users Icon or the Refresh / Cancel Icon:
- The Users Icon will show you a list of users in your platform and whether they exist in your system.
- The Refresh / Cancel Icon will denote whether you are enabling sync or not for this group.
Note: These groups refresh every hour and on the first sync.