Preparation
Before Bravura Security Fabric can perform operations in Microsoft Azure Active Directory, you must:
On the Bravura Security Fabric server, ensure the WinHTTP proxy is correctly configured if a proxy is in use. You can do that by running the command:
netsh winhttp set proxy <ipaddress:port>
See Managing proxy servers for more information.
You can configure a proxy in the target's configuration as well, but that will not be enough to make the integration work; in fact, this parameter will not need to be configured at all once you configure the Azure service correctly for integration.
Set up an application in Microsoft Azure Active Directory for the administrative credentials.
Know the domain name for the Microsoft Azure Active Directory.
Setting up a target system administrator
Bravura Security Fabric uses a designated account on Microsoft Azure Active Directory to perform Bravura Security Fabric operations.
Create an app registration in Azure
Log into the Microsoft Azure Active Directory portal.
On the Azure Active Directory main page, under Manage click App registrations.
Click New registration at the top of the screen.
Enter a value for the Name field.
Choose a value for Supported account type such as the default value of "Accounts in this organization directory only".
Click Register.
Set the secret of the application (client) ID
From the Azure Active Directory main page, go to the App registrations page then choose the app configured earlier in Create an app registration in Azure.
Under Manage, click on Certificates and Secrets.
Click New client secret.
Enter a value for the Description field.
Choose a duration for when the client secret expires.
Click Add.
Take note of the value for the client secret as this will be the target administrator’s password.
On the page for the new application, click Overview.
Take note of the value for the Application (client) ID as this will be the target administrator’s username.
Set up permissions
From the Azure Active Directory main page, go to the App registrations page then choose the app configured earlier.
Under Manage click on API permissions.
Click Add a permission.
Click Microsoft Graph.
Click Delegated permissions.
Search then add the following permissions:
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite
User.ReadWrite.All
After adding the permissions, a warning may appear under the Status column in the page specifying "Not granted for .....". These warnings should be addressed when executing Step 9.
Click Application Permissions.
Search then add the User.ReadWrite.All permission.
In the API permissions page, click the button to Grant admin consent for .... then click Yes to confirm.
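One way to confirm that the consent step took effect is to inspect an access token issued to the app: Microsoft Entra ID places granted application permissions in the roles claim and delegated permissions in the space-separated scp claim. The Python below is an added example, not part of the original page or of Bravura Security Fabric; the function names are hypothetical and the tokens are unsigned samples constructed inline, decoded for inspection only.

```python
import base64
import json

# Permissions this page asks for, spelled as Microsoft Graph names them.
DELEGATED = {"User.Read", "User.Read.All", "User.ReadBasic.All",
             "User.ReadWrite", "User.ReadWrite.All"}
APPLICATION = {"User.ReadWrite.All"}


def jwt_claims(token):
    """Decode a JWT payload for inspection. No signature check is done,
    so the result must never be used for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def consent_gaps(token, app_only):
    """Return (missing, extra) permissions relative to the page's list.

    app_only=True  -> application permissions, read from 'roles'
    app_only=False -> delegated permissions, read from 'scp'
    """
    claims = jwt_claims(token)
    if app_only:
        granted, expected = set(claims.get("roles", [])), APPLICATION
    else:
        granted, expected = set(claims.get("scp", "").split()), DELEGATED
    return sorted(expected - granted), sorted(granted - expected)


def make_token(claims):
    """Build an unsigned sample token (constructed for this example)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples: before consent, after consent, and over-granted.
BEFORE = make_token({"appid": "00000000-0000-0000-0000-000000000000"})
AFTER = make_token({"roles": ["User.ReadWrite.All"]})
BROAD = make_token({"roles": ["User.ReadWrite.All", "Directory.ReadWrite.All"]})
PARTIAL = make_token({"scp": "User.Read User.Read.All"})

if __name__ == "__main__":
    for name, tok, app in [("before", BEFORE, True), ("after", AFTER, True),
                           ("broad", BROAD, True), ("partial", PARTIAL, False)]:
        print(name, consent_gaps(tok, app))
```

A non-empty "extra" list is worth reviewing as closely as a non-empty "missing" list, since it means the app holds permissions beyond those this procedure calls for.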
Expose an API
From the Azure Active Directory main page, go to the App registrations page then choose the app configured earlier.
Under Manage click Expose an API.
Click Set next to Application ID URI.
If necessary, edit the value for Application ID URI, then click Save.
Click Add a scope.
Enter a value for the Scope name field.
Set Who can consent? to "Admins and users".
Enter a value for the Admin consent display name and Admin consent description fields.
Click Add scope.
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts in Microsoft Azure Active Directory. The following example illustrates how you can create a template account in Microsoft Azure Active Directory:
Log into the Microsoft Azure Active Directory portal.
On the Azure Active Directory main page, click Users.
Click New user at the top of the screen.
Enter a value for the "User name", "Name", "First name", and "Last name" fields.
If needed, change the value for "Roles" to another directory role.
Click Create.
Click Reset password to assign a temporary password for the user.
You can disable the account if it is to be used only as a template account or enabled later. To do this, click the user under the Users tab and select Block for Allow the user to sign in and access services?.