Microsoft Azure and Active Directory (AD) Integration Setup
BalkanID recommends creating a separate service account for the purposes of this integration, instead of using personal or employee named accounts.
You will need the following three values from Azure to configure the integration in BalkanID:
Application (client) ID
BalkanID Secret Key
Directory (tenant) ID
Note: The organization should possess an Azure AD Premium P1/P2 license and assign it to the user responsible for setting up the configuration. This user should hold the Global Administrator role: granting admin consent for Microsoft Graph application permissions, as done in the steps below, requires Global Administrator or Privileged Role Administrator.
Within your Azure portal, search for App Registrations from the Dashboard and navigate to it.
Click New Registration.
Fill in the details to register the application as shown in the screenshot.
Copy the Application (client) ID and Directory (tenant) ID after app registration. You will need these values to configure Azure within BalkanID.
Within the newly registered application in your Azure portal, navigate to API Permissions and select Add a permission. Select Microsoft Graph.
Within the Microsoft Graph section, you will see a choice between Delegated or Application permissions. Select Application permissions. Application permissions act as the app itself with no signed-in user, so each one applies tenant-wide; grant only the scopes listed in the steps below.
As shown in the screenshots below:
From the RoleManagement section, select RoleManagement.Read.All
From the AuditLog section, select AuditLog.Read.All.
From the AdministrativeUnit section, select AdministrativeUnit.Read.All.
From the Application section, select Application.Read.All.
From the Directory section, select Directory.Read.All.
From the Group section, select Group.Read.All.
From the User section, select User.Read.All.
Click the Grant admin consent for <directory> link to consent to the permissions assigned in the steps above (in the example below, the directory is named "Default Directory"), as shown in the screenshot below.
Once granted, you will see status of each permission change from Not granted for your directory to Granted for your directory. The final list of permissions should match what is shown below.
Navigate to Certificates & secrets. Select New client secret. For description, use "BalkanID Secret Key". For expiration, select your preferred expiration; the shorter the lifetime, the smaller the window of exposure if the secret leaks. Record the expiration date, since you will need to reissue and update the client secret in BalkanID once this secret expires.
Copy the Value of the newly created BalkanID Secret Key. You will need this value to configure Azure within BalkanID. CAUTION: The entire Value may not be visible. Use the copy to clipboard action next to the Value field to copy the entire value. The value is shown only once, immediately after creation; if you navigate away before copying it, delete that secret and create a new one. Treat it as a credential: store it in a secrets manager rather than in tickets, chat or email.
Login to the BalkanID application and switch to the tenant you would like to add your integration to.
Head to Integrations > Third Party Applications and click Add Integration, select Azure. Set up the Primary Application owner and the Description, if any.
Microsoft Azure will now appear in the list of applications. Click the Configure and Integrate button beside the integration name, and fill in the fields with the values noted earlier. It should look like this:
Once you have filled in the information, click Save changes. Your integration is now configured, and its status is displayed alongside the other integrations on the Integrations page. Integrations are synced daily. When data is available, the integration Status column will read Connected and the integration Message will read Data available.
The two permission sets below correspond to the two ways the integration can be used. The Lifecycle Management set adds ReadWrite scopes that allow BalkanID to change objects in your directory; grant it only if you use lifecycle management, since the Read Only set is sufficient for access reviews.

Read Only (Access Review) Scopes
RoleManagement.Read.All
AuditLog.Read.All
AdministrativeUnit.Read.All
Application.Read.All
Directory.Read.All
Group.Read.All
User.Read
User.Read.All

Lifecycle Management Scopes
RoleManagement.ReadWrite.Directory
AuditLog.Read.All
AdministrativeUnit.ReadWrite.All
Application.ReadWrite.All
Directory.ReadWrite.All
Group.ReadWrite.All
User.ReadWrite.All
IdentityRiskEvent.Read.All
User-LifeCycleInfo.ReadWrite.All (this scope is required only for pulling HRIS data from Azure, specifically to retrieve the termination date of an employee)
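The Python script below is an added example and is not part of BalkanID's documentation or product. It audits a finished registration against the seven Microsoft Graph application permissions granted in the setup steps above: it resolves the permissions the app requests, checks that each one has actually been admin-consented (the portal's "Granted for your directory" state, which Graph stores as appRoleAssignments on the app's service principal), flags any permission outside the required set (write permissions separately, which matters when a Lifecycle Management scope from the table above ends up on a registration meant for read-only access review), and warns on client secrets that are expired or close to expiry, since an expired secret silently breaks the daily sync. The three JSON documents embedded in the script are constructed samples with placeholder role IDs rather than real Graph GUIDs; the docstring shows the Azure CLI commands that export the real documents, which are assumed to be run by an account that can read the app registration.

```python
"""Audit a read-only app registration for least privilege and client-secret expiry.

Added example, not BalkanID's code.  Runs offline on three JSON documents in
Microsoft Graph shape; the samples below are constructed.  For a real tenant,
export the documents with Azure CLI and load them with json.load():
  az ad sp show --id 00000003-0000-0000-c000-000000000000   > graph_sp.json
  az ad app show --id <Application (client) ID>              > app.json
  az rest --method GET --url "https://graph.microsoft.com/v1.0/servicePrincipals/<app's SP object id>/appRoleAssignments" > grants.json
  (grants.json holds the assignments under its "value" key)
"""
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # well-known Microsoft Graph appId

# The seven Microsoft Graph application permissions the setup steps grant for
# read-only (access review) use.
REQUIRED_READ_ONLY = frozenset({
    "RoleManagement.Read.All", "AuditLog.Read.All", "AdministrativeUnit.Read.All",
    "Application.Read.All", "Directory.Read.All", "Group.Read.All", "User.Read.All",
})


def parse_graph_time(value: str) -> datetime:
    """Parse Graph's ISO-8601 UTC timestamps ('...Z', optional 7-digit fraction)."""
    value = value.rstrip("Z")
    if "." in value:                       # trim the fraction to the 6 digits Python accepts
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6]}"
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def audit_registration(app: dict, graph_sp: dict, grants: list, now: datetime,
                       required: frozenset = REQUIRED_READ_ONLY, warn_days: int = 30):
    """Return (kind, subject) findings; an empty list means the registration is clean."""
    role_name = {r["id"]: r["value"] for r in graph_sp["appRoles"]}
    # Application permissions (type 'Role') the app requests on the Microsoft Graph resource.
    requested = set()
    for rra in app.get("requiredResourceAccess", []):
        if rra.get("resourceAppId") != GRAPH_APP_ID:
            continue
        for access in rra.get("resourceAccess", []):
            if access.get("type") == "Role":
                requested.add(role_name.get(access["id"], "unknown:" + access["id"]))
    # Admin consent materialises as appRoleAssignments whose resourceId is the Graph SP;
    # a requested permission without one is still "Not granted for your directory".
    consented = {role_name.get(g["appRoleId"], "unknown:" + g["appRoleId"])
                 for g in grants if g.get("resourceId") == graph_sp["id"]}

    findings = []
    for scope in sorted(required - requested):
        findings.append(("MISSING", scope))
    for scope in sorted((required & requested) - consented):
        findings.append(("NOT_CONSENTED", scope))
    for scope in sorted(requested - required):
        findings.append(("EXCESS_WRITE" if "ReadWrite" in scope else "EXCESS", scope))
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        name = cred.get("displayName") or cred.get("keyId", "?")
        if end <= now:
            findings.append(("EXPIRED", name))
        elif (end - now).days <= warn_days:
            findings.append(("EXPIRING", name))
    return findings


# ---- constructed sample documents (role ids are placeholders, not real Graph GUIDs) ----
SAMPLE_ROLE_VALUES = sorted(REQUIRED_READ_ONLY | {"Directory.ReadWrite.All", "Mail.ReadWrite"})
SAMPLE_GRAPH_SP = {
    "id": "sp-graph-placeholder", "appId": GRAPH_APP_ID,
    "appRoles": [{"id": f"role-{i:02d}", "value": v} for i, v in enumerate(SAMPLE_ROLE_VALUES)],
}
SAMPLE_ROLE_ID = {r["value"]: r["id"] for r in SAMPLE_GRAPH_SP["appRoles"]}
# Requests the seven read-only scopes plus one write scope that does not belong there.
SAMPLE_APP = {
    "appId": "app-placeholder",
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": SAMPLE_ROLE_ID[v], "type": "Role"}
                           for v in sorted(REQUIRED_READ_ONLY | {"Directory.ReadWrite.All"})],
    }],
    "passwordCredentials": [
        {"displayName": "BalkanID Secret Key", "endDateTime": "2024-06-10T00:00:00Z"},
        {"displayName": "old key", "endDateTime": "2024-01-01T00:00:00.1234567Z"},
    ],
}
# Admin consent granted for everything requested except AuditLog.Read.All.
SAMPLE_GRANTS = [{"resourceId": "sp-graph-placeholder", "appRoleId": SAMPLE_ROLE_ID[v]}
                 for v in (REQUIRED_READ_ONLY | {"Directory.ReadWrite.All"}) - {"AuditLog.Read.All"}]
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def sample_findings():
    return audit_registration(SAMPLE_APP, SAMPLE_GRAPH_SP, SAMPLE_GRANTS, SAMPLE_NOW)


if __name__ == "__main__":
    for kind, subject in sample_findings():
        print(f"{kind:14} {subject}")
```

Against the constructed sample the audit reports one permission that was added but never admin-consented, one excess write scope, the BalkanID secret expiring within 30 days and an older secret that has already expired. Note that requiredResourceAccess only records what the registration asks for; the consent check against appRoleAssignments is what tells you whether the daily sync will actually be authorized.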