
Setting up a target system administrator

Bravura Security Fabric uses a designated account on Microsoft Azure Active Directory to perform Bravura Security Fabric operations.

Create an app registration in Azure

  1. Log into the Microsoft Azure Active Directory portal.

  2. On the Azure Active Directory main page, under Manage, click App registrations.

  3. Click New registration at the top of the screen.

  4. Enter a value for the Name field.

  5. Choose a value for Supported account type such as the default value of "Accounts in this organization directory only".

  6. Click Register.

Set the secret of the application (client) ID

  1. From the Azure Active Directory main page, go to the App Registrations page, then choose the app configured earlier in Create an app registration in Azure.

  2. Under Manage, click on Certificates and Secrets.

  3. Click New client secret.

  4. Enter a value for the Description field.

  5. Choose a duration for when the client secret expires.

  6. Click Add.

  7. Take note of the value for the client secret as this will be the target administrator’s password.

  8. On the page for the new application, click Overview.

  9. Take note of the value for the Application (client) ID as this will be the target administrator’s username.

Set up permissions

  1. From the Azure Active Directory main page, go to the App Registrations page then choose the app configured earlier.

  2. Under Manage, click on API permissions.

  3. Click Add a permission.

  4. Click Microsoft Graph.

  5. Click Delegated permissions.

  6. Search then add the following permissions:

    • User.Read

    • User.Read.All

    • User.ReadBasic.All

    • User.ReadWrite

    • User.ReadWrite.All

    After you add the permissions, a warning specifying Not granted for ..... may appear under the Status column on the API Permissions page. These warnings should be addressed when executing Step 9.

  7. Click Application Permissions.

  8. Search then add the User.ReadWrite.All permission.

  9. In the API Permissions page, click the button to Grant admin consent for .... then click Yes to confirm.

Expose an API

  1. From the Azure Active Directory main page, go to the App Registrations page then choose the app configured earlier.

  2. Under Manage, click Expose an API.

  3. Click Set next to Application ID URI.

  4. If necessary, edit the value for Application ID URI, then click Save.

  5. Click Add a scope.

  6. Enter a value for the Scope name field.

  7. Set Who can consent? to "Admins and users".

  8. Enter a value for the Admin consent display name and Admin consent description fields.

  9. Click Add scope.
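
The following is an added example, not part of the original procedure or of Bravura Security Fabric: a Python check that compares the Microsoft Graph permissions requested by the app registration against the list in Set up permissions, and flags a client secret that has expired or is about to. It assumes the application object has been exported as JSON (for example from the Microsoft Graph applications endpoint) and that a map from permission id to permission name has been built from the Microsoft Graph service principal; the function name, sample app name and placeholder ids are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Permissions from the "Set up permissions" steps. In an application object,
# type "Scope" is a delegated permission and "Role" an application permission.
EXPECTED = {("Scope", n) for n in ("User.Read", "User.Read.All", "User.ReadBasic.All",
                                   "User.ReadWrite", "User.ReadWrite.All")}
EXPECTED.add(("Role", "User.ReadWrite.All"))

def audit(app, id_to_name, now, warn_days=30):
    """Compare one application object against EXPECTED and check secret expiry."""
    requested = {(ra["type"], id_to_name.get(ra["id"], ra["id"]))
                 for res in app.get("requiredResourceAccess", [])
                 for ra in res.get("resourceAccess", [])}
    findings = [f"unexpected {k} permission: {n}" for k, n in sorted(requested - EXPECTED)]
    findings += [f"missing {k} permission: {n}" for k, n in sorted(EXPECTED - requested)]
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        label = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"client secret expired: {label}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret expires within {warn_days} days: {label}")
    return findings

# Constructed sample: placeholder ids, not real Microsoft Graph permission ids.
NAMES = {"id-1": "User.Read", "id-2": "User.Read.All", "id-3": "User.ReadBasic.All",
         "id-4": "User.ReadWrite", "id-5": "User.ReadWrite.All",
         "id-6": "User.ReadWrite.All", "id-7": "Directory.ReadWrite.All"}
SAMPLE_APP = json.loads("""{
  "displayName": "example-target-admin",
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {"id": "id-1", "type": "Scope"}, {"id": "id-2", "type": "Scope"},
      {"id": "id-3", "type": "Scope"}, {"id": "id-4", "type": "Scope"},
      {"id": "id-6", "type": "Role"},  {"id": "id-7", "type": "Role"}]}],
  "passwordCredentials": [
    {"displayName": "connector secret", "endDateTime": "2030-01-20T00:00:00Z"}]
}""")
SAMPLE_NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for line in audit(SAMPLE_APP, NAMES, SAMPLE_NOW):
        print(line)
```

The requiredResourceAccess list records what the app requests, not what has been consented to, so the Status column on the API Permissions page still needs to be checked after step 9 of Set up permissions.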