In order to bring the user, group and license data in your Azure AD into Azure License Manager, you need to create a tenant for for your Azure AD in ALM.
To create an Azure AD tenant in ALMAfter setting up Azure and publishing the EmpowerID Azure AD SCIM microservice to your Azure tenant, you need to connect EmpowerID to the tenant to bring the user and group information in that tenant into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.
Step 1 – Create an account store for Azure AD
On the navbar, expand expand Azure License Manager and click select Configuration.
Select the Tenants tab and then click the Add New Tenant button above on the Tenant grid header.
In 
Enter the following information in the Tenant form that appears, fill in the following information:
Account Store
App Service Url — Enter the URL for the Azure App Service. This is the base URL on the App service on the portal. EmpowerID uses this URL to make all calls to the EmpowerID SCIM microservice.
Application ID — Enter the Application ID for the EmpowerID application you registered for EmpowerID in Azure AD.
Tenant ID — Enter the ID of your Tenant. EmpowerID uses this to get the context for the submitting the access token that is used to inventory the resources in Azure and perform authorized CRUD operations against those resources.
Auth Certificate Thumbprint — Enter the thumbprint of the certificate you uploaded for the application you registered for EmpowerID in Azure AD and added to the EmpowerID Identity Warehouse. The thumbprint ensures that whenever the SCIM microservice calls are made for the account store, the handshake with Azure completes and an access token is granted.
When ready, click Save to create the tenant.
You should see the tenant in the grid.
Name – Name of your tenant
Azure App Service URL – URL for the SCIM app service you created in Azure
Azure Application (Client) ID – Client ID of the service principal application you registered in Azure for EmpowerID
Azure Directory (Tenant) ID – Your Tenant ID
Azure App Certificate Thumbprint – Thumbprint of the certificate you uploaded to Azure for the service principal application
Click Save.
EmpowerID creates the Azure AD account store and the associated resource system. The next step is to verify the resource system parameters match your tenant information.
Step 2 – Verify Resource System Parameters
On the navbar, expand Admin > Applications and Directories and select Account Stores and Systems.
On the Find Account Store page, select the Account Stores tab and search for the Azure AD account store you just created.
Click the Account Store link for the account store.
This directs you to the Account Store and Resource System page for the account store. This page contains several tabs related to the account store that you can access to view and manage the account store and resource system.
Select the Resource System tab and then expand the Configuration Parameters accordion on the page.
Verify the following parameters are correct for your system:
Insert excerpt IL:Azure AD Account Store Configuration Parameters IL:Azure AD Account Store Configuration Parameters nopanel true To edit the value of a parameter, click the Edit button for the parameter you want to edit.
Enter the new value in the Value field and click Save.
Repeat as needed.
Now that the Configuration Parameters have been updated, the next step is the configure Attribute Flow.
Step 3 – Configure Attribute Flow
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.
To configure account store settings
From the Account Stores tab of the Account Stores and Systems page, search for the account store you just created and click the Account Store link for it.Step 4 – Configure Account Store Settings
On the Account Store and Resource System Details page, click select the Account Store tab and then click the pencil icon Edit link to put the account store in edit mode.
This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your Azure AD as well as how you want EmpowerID to handle the user information it discovers in your Azure tenant during inventory. Settings that can be edited are relevant to the account store are described in the table below the image.
Insert excerpt IL:
Azure AD Account Store Settings V21 IL:
Azure AD Account Store Settings V21 nopanel true Edit the account store as needed and then click Save to save your changes.
Step 5 – Enable the Account Inbox Permanent Workflow
On the navbar, expand Infrastructure Admin > EmpowerID Server and Settings and select Permanent Workflows.
On the Permanent Workflows page, click the Display Name link for Account Inbox.
On the Permanent Workflow Details page that appears, click the pencil icon to put the workflow in edit mode.
Check Enabled.
Click Save to save your changes.
Step 6 – Enable Inventory on the Account Store
Return to the Account Store Details page for the account store.
Click the Edit link to put the account store in edit mode.
Select the Inventory tab and check Inventory Enabled.
Click Save.
Now that the Account Inbox Permanent workflow is turned on and inventory for the account store is enabled you can monitor the inventory of users and groups from the Users and Groups tabs of the Account Store Details page.
| Div | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
| Live Search | ||||||||
| size | large | labels | 2020||||||
IN THIS ARTICLE
|