Setup Microsoft Entra ID (formerly Azure Active Directory)

In order for IBI-aws to communicate with Microsoft Azure Active Directory, the following steps are required.

Before setting up Microsoft Azure Active Directory access, we recommend enabling certificate-based encryption of the configuration file.

This ensures that only authorized clients are granted access.

IBI-helpMe Admin (Part 1)

Generate certificate for client authentication

  1. Launch IBI-helpMe Admin
  2. Navigate to Azure Active Directory
  3. Tenant ID and Application ID can be left blank for now
  4. Under Certificates click on Generate
  5. Click on Export (Public Key Only)... and save the public key of the certificate to a desired location.
  6. Click on Save

Azure Portal

Register application

  1. Open Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Click on New registration
  4. Choose an appropriate name. E.g. IBI-helpMe
  5. Select an appropriate account type (if in doubt, select Accounts in this organizational directory only)
  6. Click on Register

Setup certificate authentication

  1. Open Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Select the previously registered application
  4. Click on Certificates & secrets
  5. Select the Certificates tab
  6. Upload the previously saved certificate (Public Key) using Upload certificate

Setup API permissions

In order for IBI-aws to query the required information, the following API permissions must be assigned:

  • Device.Read.All
  • User.Read.All
  • GroupMember.Read.All

These permissions are assigned as follows.

  1. Open Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Select the previously registered application
  4. Click on API permissions
  5. Click on Add a permission
  6. Select the Microsoft APIs tab
  7. Select Microsoft Graph 
  8. Click on Application permissions
  9. Select the above mentioned permissions using the search function.
  10. Confirm the operation by clicking on Add permissions
  11. The Admin consent must be requested via the menu (...) of the respective permission

Determine Tenant ID and Application ID

  1. Open Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Select the previously registered application
  4. Note Directory (tenant) ID and Application (client) ID

IBI-helpMe Admin (Part 2)

Finalize setup

Once the application has been registered in the Azure Portal and all permissions have been granted, the remaining information can be entered in IBI-helpMe Admin and a connection test can be performed.

  1. Launch IBI-helpMe Admin
  2. Navigate to Azure Active Directory
  3. Enter the previously noted information as follows:

    Azure property              IBI-aws property
    Directory (tenant) ID       Tenant ID
    Application (client) ID     Application ID
  4. Activate the certificate
  5. Click on Test connection to verify that the connection and the authentication succeed
  6. Click on Save
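
To check that the registration holds exactly the three permissions listed under Setup API permissions, and that admin consent took effect, the claims of an app-only access token issued for the registered application can be inspected. The Python script below is an added example, not part of IBI-helpMe or of this documentation; it assumes the token is a JWT carrying tid, appid (or azp) and roles claims, decodes it without verifying the signature, and uses a constructed sample token with placeholder IDs.

```python
import base64
import json

# The three Microsoft Graph application permissions this page assigns.
REQUIRED_ROLES = {"Device.Read.All", "User.Read.All", "GroupMember.Read.All"}


def decode_claims(token: str) -> dict:
    """Return the payload of a JWT without verifying its signature (audit use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, tenant_id: str, application_id: str) -> list[str]:
    """Compare an app-only token's claims with the registration; return findings."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the Directory (tenant) ID")
    # Assumption: v1.0 tokens carry the client ID in 'appid', v2.0 tokens in 'azp'.
    if (claims.get("appid") or claims.get("azp")) != application_id:
        findings.append("appid/azp does not match the Application (client) ID")
    roles = set(claims.get("roles", []))
    for role in sorted(REQUIRED_ROLES - roles):
        findings.append(f"missing permission (admin consent granted?): {role}")
    for role in sorted(roles - REQUIRED_ROLES):
        findings.append(f"permission beyond what the page requires: {role}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Placeholder IDs and a constructed token, not values from a real tenant.
    tenant, app = "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002"
    token = make_sample_token({"tid": tenant, "appid": app,
                               "roles": ["User.Read.All", "Device.Read.All", "Directory.ReadWrite.All"]})
    for finding in audit_token(token, tenant, app):
        print(finding)
```

An empty result means the token matches the tenant and application noted in the Azure Portal and carries only the three read permissions.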