Example configuration - Integrate AM System with Microsoft Entra ID (formerly Azure AD)

This article serves as a basic example of setting up an app registration to connect Microsoft Entra ID to AM System. Since AM System does not have information on your specific Azure AD setup, configuration details may differ.

AM System is not liable for any configurations made in your Azure AD. For any uncertainties in managing your Azure AD, consult the responsible department or a certified partner.

Start by logging in to http://entra.microsoft.com or https://portal.azure.com and navigate to Microsoft Entra ID.

Create a new Enterprise Application and configure attributes


    1. Choose New application and then Create your own application
    2. Name your application, and select Integrate any other application you don't find in the gallery (Non gallery) and click Create
    3. Select Provisioning and click Get started
    4. Select Automatic in the provisioning mode field and add the address https://api.amsystem.com/scim/v2 to the Tenant URL. Information for the Secret Token field is provided by AM System at the time of activation. Then click on Test Connection to see that the connection is successful. Then select Save.
    5. Disable Provision Azure Active Directory Groups under the attribute mapping menu by first clicking on Provision Azure Active Directory Groups and then selecting No in the enabled field. Then click on Save.
    6. Go back to Provisioning and click on Provision Azure Active Directory Users. Here you have to make several changes.
      • Uncheck Delete under Target Object Actions
      • Keep the following attributes: 
        • userPrincipalName
        • Switch([IsSoftDeleted], , "False", "True", "True", "False")
        • givenName
        • surname
        • mobile - optional to keep if you wish to send your phone number to AM System
        • mail - optional to use, but should be used if your UPN is NOT the same as the user's email address
        • mailNickname
      • Change the Azure AD attribute mailNickname to objectId
      • Your Attribute Mappings should then look like this:
        [Screenshot: MS_Entra_ID-7]
      • Now it is time to choose which users will have access to the application. Navigate back to your Application and select "Users and groups". Then add the desired users, preferably by using groups. If you are using MS on-premises, you should create the group locally. Do not start Provisioning before activation together with AM System!
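
One way to check an exported copy of the provisioning mappings against steps 5 and 6 before provisioning is started (an added example, not AM System's or Microsoft's code). It assumes the export follows the shape of the Microsoft Graph synchronization schema (synchronizationRules, objectMappings, attributeMappings, flowTypes); both sample schemas, including the jobTitle attribute, are constructed for illustration.

```python
# Added example: audit a provisioning schema export against steps 5 and 6.
ACTIVE = 'Switch([IsSoftDeleted], , "False", "True", "True", "False")'
REQUIRED = {"userPrincipalName", "givenName", "surname", "objectId", ACTIVE}
OPTIONAL = {"mobile", "mail"}  # the article marks both as optional

def source_of(mapping):
    """Return the bare attribute name, or the whole expression for functions."""
    expr = mapping["source"]["expression"].strip()
    if expr.startswith("[") and expr.endswith("]") and expr.count("[") == 1:
        return expr[1:-1]
    return expr

def audit(schema):
    """Return a sorted list of deviations from the article's settings."""
    findings = []
    for rule in schema["synchronizationRules"]:
        for obj in rule["objectMappings"]:
            if obj["sourceObjectName"] == "Group":
                if obj.get("enabled", True):
                    findings.append("group provisioning is still enabled")
                continue
            flows = {f.strip() for f in obj.get("flowTypes", "").split(",")}
            if "Delete" in flows:
                findings.append("Delete is still checked for users")
            sent = {source_of(m) for m in obj["attributeMappings"]}
            findings += [f"unexpected attribute sent: {a}"
                         for a in sent - REQUIRED - OPTIONAL]
            findings += [f"required mapping missing: {a}"
                         for a in REQUIRED - sent]
    return sorted(findings)

def sample(flows, attrs, groups_enabled):
    """Build a constructed schema in the assumed Graph export shape."""
    maps = [{"source": {"expression": a if a == ACTIVE else f"[{a}]"}}
            for a in attrs]
    return {"synchronizationRules": [{"objectMappings": [
        {"sourceObjectName": "User", "flowTypes": flows,
         "attributeMappings": maps},
        {"sourceObjectName": "Group", "enabled": groups_enabled,
         "attributeMappings": []}]}]}

# Constructed inputs: one before the changes, one after them.
BEFORE = sample("Add, Update, Delete", ["userPrincipalName", ACTIVE, "givenName",
                "surname", "mail", "mailNickname", "jobTitle"], True)
AFTER = sample("Add, Update", ["userPrincipalName", ACTIVE, "givenName",
               "surname", "mobile", "mail", "objectId"], False)

if __name__ == "__main__":
    for name, schema in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(schema) or "matches the article")
```

An empty result means the export sends only the attributes listed in step 6, never deletes users in AM System, and does not provision groups.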

Before the configuration is complete, we also need to adjust the Application Permissions and add a Redirect URI


    1. From the newly created Application click on Permissions in the menu and then application registration
    2. Then click on Add a permission
    3. Select Microsoft Graph and Delegated permissions and then User.Read and Add permissions
    4. Click on Grant admin consent for Default Directory
    5. Then click on Overview and Add a Redirect URI
    6. Click on Add a platform, select Web and fill in your system address under Redirect URIs. Select Access tokens (used for implicit flows) and deselect ID tokens (used for implicit and hybrid flows). If you have several addresses for your site, it is advisable to add all of them. Finally click Save.

The information AM System then needs to integrate AM System with Azure AD is:

  • Application (client) ID
  • Directory (tenant) ID


Last updated: 17 April 2024