Microsoft Entra (Graph API) Connector Resource Samples

Last modified 21 Nov 2023 08:17 +01:00

Table of Contents

Description
Resource Setup
Permissions
Resource Configuration Example
- Resource Sample

Description

Samples for Microsoft Entra (Azure) services (Office365, Entra ID) identity connector based on Graph API.

Resource Setup

Create your application in Entra ID (former Azure Active Directory), for more information how to create it please see https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-connector-graph.
Add all DELEGATED permissions - see Permissions.
Fill all required Configuration properties in resource (clientId, clientSecret, tenantId) see "Resource Configuration Example".

Permissions

Directory.Read.All → Delegated persmission
Directory.REadWrite.All → Delegated permission
Group.Create → Application permission
Group.Read.All → Delegated permission
Group.Read.All → Aplication permision
Group.ReadWrite.All → Delegated permission
Group.ReadWrite.All → Application permission
Group.Selected →Application permission
GroupMember.Read.All → Delegated permission
GroupMember.Read.All → Application permission
GroupMember.ReadWrite.All → Delegated permission
GroupMember.ReadWrite.All → Application permission
PrivilegedAccess.Read.AsureADGroup → Delegated permission
PrivilegedAccess.Read.AsureADGroup → Application permission
PrivilegedAccess.ReadWrite.AsureADGroup → Delegated permission
PrivilegedAccess.ReadWrite.AsureADGroup → Application permission
User.Read → Delegated permission
User.Read.All → Delegated permission
User.Read.All → Application permission
User.ReadWrite.All → Delegated permission
User.ReadWrite.All → Application permission

For SharePoint you need also:

User.Read.All → Delegated permission
User.ReadWrite.All → Delegated permission

Resource Configuration Example

<connectorConfiguration>
        <icfc:configurationProperties>
            <icfccp:clientId>246a80b7-ec7c-499b-a831-ede2aa690045</icfccp:clientId>
            <icfccp:clientSecret>
                <t:clearValue>F0B44r~T35tDtestS7es7~abcdefM_abcdef</t:clearValue>
            </icfccp:clientSecret>
            <icfccp:tenantId>67dffb51-8b08-47b8-8810-d7ff424af4d2</icfccp:tenantId>
        </icfc:configurationProperties>
</connectorConfiguration>

Notes:

SSL certificates which have to be added to midpoint keystore for connecting to the resource.

DigiCert Global Root CA
DigiCert Global Root G2

Resource Sample

See resource samples in Git samples directory for Entra ID (Azure Active directory) connector (master).

Was this page helpful?

YES NO

Thanks for your feedback