Azure AD Account Store Configuration Parameters

Please note that the values for ApplicationID, AuthCertificateThumbprint, and TenantID are encrypted and that you will not see the values in the user interface.

Setting

Value

AppServiceUrl

URL for the app service you created to host the EmpowerID SCIM microservice

This URL should precede all Azure endpoints called by the microservice. For example, if the AppServiceUrl is https://eiddoc.azurewebsites.net, the value for:

  • CheckDeletedGroupUrl would be https://eiddoc.azurewebsites.net/EIDExtension/Groups/DeadObject,

  • CreateGroupURL would be https://eiddoc.azurewebsites.net/Groups,

  • CreateUserURL would be https://eiddoc.azurewebsites.net/Users,

and so on.

EnableAzureApplicationInventory

Set to True to inventory Azure application data; otherwise, set to False

Inventory data includes the following:

  • Azure Applications

  • Azure Application Templates

  • Service Principals

  • Application Role Assignments for Service Principals

  • Conditional Access Policies

EnableAzureDirectoryManagementInventory

Set to True to inventory Azure directory management data; otherwise, set to False

Inventory data includes the following:

  • Azure Directory Role Templates

  • Azure Directory Roles

  • Azure Directory Role Members

EnableAzureLicenseInventory

Set to True to inventory Azure license data; otherwise, set to False

Inventory data includes the following:

  • Subscribed SKU

EnableAzureRbacInventory

Set to True to inventory Azure RBAC data; otherwise, set to False

Inventory data includes the following:

  • Management Groups

  • Subscriptions

  • Resource Groups

  • RBAC Role Definitions

  • Resources

  • RBAC Role Assignments

  • Managed Identities

  • Classic Administrators

  • Org Contact

EnableDirectoryRoleMemberInventoryWithScope

Set to True to inventory Azure directory role member data; otherwise, set to False

When set to True, inventory data includes the following:

  • Directory Role Members that are scoped to applications

When set to False, inventory data includes the following:

  • Directory Role Members that are scoped to the directory

EnableSignInActivityInventory

Set to True to inventory Azure sign-in activity data; otherwise, set to False

Sign-in activity tracking begins at UTC Now, when the Azure tenant is first inventoried; from that point forward, EmpowerID maintains sign-in activity for the previous 180 days.
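A consistency check for the AppServiceUrl rule described above, as an added example that is not part of the original page or of EmpowerID: it verifies that each endpoint setting shares the scheme, host and port of AppServiceUrl by parsing the URLs rather than comparing string prefixes. It assumes the settings have been exported to a name/value mapping and that endpoint settings are the ones whose names end in "Url" or "URL"; the function names and the sample mapping are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample settings; the names and URLs are the ones used on this page.
SAMPLE = {
    "AppServiceUrl": "https://eiddoc.azurewebsites.net",
    "CheckDeletedGroupUrl": "https://eiddoc.azurewebsites.net/EIDExtension/Groups/DeadObject",
    "CreateGroupURL": "https://eiddoc.azurewebsites.net/Groups",
    "CreateUserURL": "http://eiddoc.azurewebsites.net/Users",  # constructed mistake: http
    "EnableAzureRbacInventory": "True",
}

def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port

def check_endpoint_urls(settings):
    """Return (setting, problem) pairs for endpoint URLs that do not sit
    under AppServiceUrl. An empty list means the settings agree."""
    base = settings["AppServiceUrl"]
    base_origin = _origin(base)
    base_path = urlsplit(base).path.rstrip("/")
    problems = []
    if base_origin[0] != "https":
        problems.append(("AppServiceUrl", "not https"))
    for name, value in settings.items():
        # Assumption: endpoint settings are those whose name ends in Url/URL.
        if name == "AppServiceUrl" or not name.lower().endswith("url"):
            continue
        if _origin(value) != base_origin:
            # Comparing parsed origins also rejects a host that merely
            # begins with the same characters as the app service host.
            problems.append((name, "different scheme, host or port"))
            continue
        path = urlsplit(value).path
        if base_path and path != base_path and not path.startswith(base_path + "/"):
            problems.append((name, "path is not under AppServiceUrl"))
    return problems

if __name__ == "__main__":
    for name, problem in check_endpoint_urls(SAMPLE):
        print(f"{name}: {problem}")
```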
