
EmpowerID provides connectors for a wide range of user directories and resource systems, including Azure Active Directory. As an administrator, you can use these connectors to connect EmpowerID to your organization's identity-aware systems and applications.

You create an account store for the application in the EmpowerID Identity Warehouse and then use that account store to configure how EmpowerID manages the identity information in that system.


After setting up Azure, publish the EmpowerID Azure AD SCIM microservice to your Azure tenant, then connect EmpowerID to the tenant to bring the user and group information in that tenant into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.

To connect to Azure Active Directory, follow these steps:

...

Create an account store for Azure AD

...

Verify Resource System Parameters

...

Configure Attribute Flow

...

Configure Account Store Settings

...

Enable the Account Inbox Permanent Workflow

...

The EmpowerID Azure Active Directory connector is a SCIM-compliant REST API microservice that you can deploy to Azure Active Directory to inventory user, group, group membership, role, and license information from an Azure tenant. The microservice is an enterprise-scale, high-security product that can be run on-premises or as Software-as-a-Service run by EmpowerID, as Web and Application Server containers in the cloud or on-premises.

To access Azure Active Directory tenant data, the tenant needs to be configured for the microservice. Part of this configuration involves registering a service principal application for EmpowerID in Azure Active Directory and creating an Azure App Service to host the microservice. The microservice leverages certificate authentication, a system-assigned managed identity and app service authentication to enable secure, fine-grained Graph API access, which includes read and write access to organization, user, group, role and license data in Azure Active Directory. The image below depicts the deployment model.

...

Info

The amount of information returned from Azure is configurable and might not cover all the capabilities of the connector.

Connecting EmpowerID to Azure involves the following steps:

  1. Register a service principal application for EmpowerID in Azure AD. As part of the registration process, you upload the base-64 encoded public key certificate to Azure to secure HTTP traffic between EmpowerID and the microservice. The public key certificate that you upload to Azure must have a corresponding private key in the EmpowerID certificate store; otherwise, an error occurs when calling Azure's API.

  2. Create an app service in Azure to host the EmpowerID Azure AD SCIM microservice, configure it to use the service principal application for authentication, and create a managed identity for it.

  3. Publish the Azure AD SCIM microservice to Azure.

  4. Set permissions needed by the managed identity to call Azure AD and Graph APIs on your behalf.

  5. Connect EmpowerID to Azure.
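The following script is an added example, not EmpowerID's own code or documentation, showing how the Azure side of the five steps above (and the deployment model described earlier: certificate credential on the app registration, system-assigned managed identity on the App Service, Graph permissions granted to that identity) can be carried out with the Az and Microsoft.Graph PowerShell modules. It also performs the check the first step calls for: the certificate whose public part is uploaded must have its private key in the local certificate store. The thumbprint, display names, resource names, package path and the Graph permission set are all assumptions to replace with your own values and with the permissions EmpowerID documents for your version.

```powershell
# Added example (not EmpowerID's script): provisions the Azure side of the procedure.
# All names, the package path and the Graph permission set are assumptions.
#Requires -Modules Az.Accounts, Az.Resources, Az.Websites, Microsoft.Graph.Applications

$ErrorActionPreference = 'Stop'

# --- Assumed values: replace with your own ---
$CertThumbprint   = 'REPLACE_WITH_THUMBPRINT'   # certificate already in the EmpowerID certificate store
$AppDisplayName   = 'EmpowerID-AzureAD-SCIM'
$ResourceGroup    = 'rg-empowerid-scim'
$Location         = 'eastus'
$PlanName         = 'plan-empowerid-scim'
$WebAppName       = 'empowerid-scim-example'        # must be globally unique
$PackagePath      = 'C:\path\to\EmpowerID.AzureAD.Scim.zip'   # placeholder path to the microservice package
# Illustrative Graph application permissions for organization, user, group and role data;
# substitute the set EmpowerID documents for your version.
$GraphPermissions = @('Organization.Read.All', 'User.ReadWrite.All',
                      'Group.ReadWrite.All', 'RoleManagement.ReadWrite.Directory')

Connect-AzAccount | Out-Null
$TenantId = (Get-AzContext).Tenant.Id

# Step 1: the certificate uploaded to Azure must have its private key in the local store,
# otherwise EmpowerID's calls to Azure's API fail. Verify this before registering anything.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object Thumbprint -eq $CertThumbprint
if (-not $cert)               { throw "Certificate $CertThumbprint not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $CertThumbprint has no private key; Azure API calls would fail" }
# RawData is the DER-encoded public certificate only (no private key); base-64 of it is what Azure expects.
$certValue = [Convert]::ToBase64String($cert.RawData)

$app = New-AzADApplication -DisplayName $AppDisplayName
New-AzADAppCredential -ApplicationId $app.AppId -CertValue $certValue | Out-Null
$appSp = New-AzADServicePrincipal -ApplicationId $app.AppId

# Step 2: App Service to host the microservice, with a system-assigned managed identity.
if (-not (Get-AzResourceGroup -Name $ResourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroup -Location $Location | Out-Null
}
New-AzAppServicePlan -ResourceGroupName $ResourceGroup -Name $PlanName -Location $Location -Tier Standard | Out-Null
New-AzWebApp -ResourceGroupName $ResourceGroup -Name $WebAppName -Location $Location -AppServicePlan $PlanName | Out-Null
$webApp = Set-AzWebApp -ResourceGroupName $ResourceGroup -Name $WebAppName -AssignIdentity $true
$miPrincipalId = $webApp.Identity.PrincipalId
# App Service authentication against the registered application ($app.AppId) is configured as
# described in the EmpowerID documentation; this script only produces the identifiers it needs.

# Step 3: publish the microservice package to the App Service.
Publish-AzWebApp -ResourceGroupName $ResourceGroup -Name $WebAppName -ArchivePath $PackagePath -Force | Out-Null

# Step 4: grant the managed identity only the Graph application roles it needs (least privilege).
Connect-MgGraph -Scopes 'AppRoleAssignment.ReadWrite.All', 'Application.Read.All' | Out-Null
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"   # Microsoft Graph
foreach ($perm in $GraphPermissions) {
    $role = $graphSp.AppRoles | Where-Object { $_.Value -eq $perm -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Graph application permission '$perm' not found" }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $miPrincipalId -PrincipalId $miPrincipalId `
        -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
}

# Step 5 is performed in EmpowerID (creating the account store); these are the values it asks for.
[pscustomobject]@{
    TenantId                 = $TenantId
    ApplicationId            = $app.AppId
    ServicePrincipalObjectId = $appSp.Id
    CertThumbprint           = $cert.Thumbprint
    MicroserviceUrl          = "https://$($webApp.DefaultHostName)"
    ManagedIdentityId        = $miPrincipalId
}
```

Run it in an elevated PowerShell session on the EmpowerID server so that Cert:\LocalMachine\My is the store EmpowerID uses; the script stops before touching Azure if the certificate is missing or has no private key, which is the condition the first step warns about. Keep the assigned Graph roles to the minimum the connector needs, since the managed identity's token carries every role granted to it.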


Demonstration of Configuring the EmpowerID Azure AD Connection

https://youtu.be/bMU7dVB78gA


Info

Related Docs Topics:

Azure AD Active Directory Connector
