Page Comparison

After setting up Azure and publishing the EmpowerID Azure AD SCIM microservice to your Azure tenant, you need to connect EmpowerID to the tenant to bring the user and group information in that tenant into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.

Step 1 – Create an account store for Azure AD

1. On the navbar, expand Azure License Manager and select Configuration.

2. Select the Tenants tab and click the Add button on the Tenant grid header.
   

   Image Modified

3. Enter the following information in the Tenant form that appears:

   • Account Store Name – Name of your tenant

   • Azure App Service URL – URL for the SCIM app service you created in Azure

   • Azure Application (Client) ID – Client ID of the service principal application you registered in Azure for EmpowerID

   • Azure Directory (Tenant) ID – Your Tenant ID

   • Azure App Certificate Thumbprint – Thumbprint of the certificate you uploaded to Azure for the service principal application
     

Image Removed

1. • Image Added

2. Click Save.

EmpowerID creates the Azure AD account store and the associated resource system. The next step is to verify the resource system parameters match your tenant information.

Step 2 – Verify Resource System Parameters

1. From the Tenants tab, search for the Azure AD

1. tenant you

1. created

Click the Account Store link for the account store.

Image Removed

1. and click the Tenant link.
   

   Image Added

   
   This directs you to the Account Store and Resource System page for the Azure AD account store EmpowerID created for the tenant. This page contains several tabs related to the account store that you can access to view and manage the account store and resource system.
   

Image Removed

1. Image Added

2. Select the Resource System tab and then expand the Configuration Parameters accordion on the page.

3. Verify the following parameters are correct for your system:
   

   Insert excerpt
   IL:Azure AD Account Store Configuration Parameters IL:Azure AD Account Store Configuration Parameters nopanel true

   
   

4. To edit the value of a parameter, click the Edit button for the parameter you want to edit.
   

Image Removed

1. Image Added

2. Enter the new value in the Value field and click Save.

3. Repeat as needed.

Now that the Configuration Parameters have been updated, the next step is the configure Attribute Flow.

Step 3 – Configure Attribute Flow

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Step 4 – Configure Account Store Settings

1. On the Account Store Details page, select the Account Store tab and then click the Edit link to put the account store in edit mode.
   

Image Removed

1. Image Added

   
   This opens the edit page for the account store. This page allows you to specify how you want EmpowerID to handle the user information it discovers in your Azure tenant during inventory. Settings that are relevant to the account store are described in the table below the image.
   

Image Removed

1. Image Added

   
   

   Insert excerpt
   IL:Azure AD Account Store Settings

1. V22 IL:Azure AD Account Store Settings

1. V22 nopanel true

   
   

2. Edit the account store as needed and then click Save to save your changes.

Step 5 – Enable the Account Inbox Permanent Workflow

Step 6 – Enable Inventory on the Account Store

1. Return to the Account Store Details page for the account store.

2. Click the Edit link to put the account store in edit mode.

Image Removed

1. Select the Inventory tab and enter the start date and the end date for the job in the Start and Stop fields, respectively.

2. Select the desired inventory interval. The default interval is once every 10 minutes.

1. Check Inventory Enabled.

Image Removed

1. Click Save.

Step 6 – Recycle your EmpowerID Environment

In order to prevent continuous inventory errors stating that “EnableAzureRbacInventory in system config is missing,” EmpowerID must be restarted after you have enabled inventory for the account store. The process to follow depends on whether you are running a cloud instance of EmpowerID or have an on-premise installation.

For cloud instances

1. On the navbar, expand IT Shop and select Workflows.

2. Click Recycle Service Environment.
   

Image Removed

1. Image Added

2. Click Yes to confirm you want to recycle the environment.
   

Image Removed

1. Image Added

2. Click OK.
   

   Image Modified

For on-premise installations

1. Restart IIS.

2. Restart the EmpowerID services.

Now that the Account Inbox Permanent workflow is turned on and inventory for the account store is enabled you can monitor the inventory of users and groups from the Users and Groups tabs of the Account Store Details page.

Image Removed

Image Added