Introduction
This feature facilitates a seamless integration between Genius and Azure Active Directory, presenting a novel method for automatically downloading and creating users within the Genius platform. This integration streamlines user management processes, enhancing efficiency and reducing the potential for errors associated with manual entry.
Moreover, this feature can also be utilized to create or update existing accounts, thereby providing flexibility in how user data is managed.
- The fields involved in this process include UserName, FirstName, LastName, and email.
Settings in Azure Active Directory
Currently, the Genius development team is required to manually configure specific settings within Azure Active Directory. However, future updates are expected to empower users to manage these configurations independently, thereby simplifying the process and enhancing user control.
To enable this feature within Azure Active Directory, the Genius team requires four essential pieces of information:
1. Tenant ID
The Tenant ID, also referred to as the Directory ID, is a distinctive identifier assigned to a specific Azure Active Directory tenant. This Tenant ID represents an organization or a single instance of Azure AD and is created when the organization initially registers for Azure services.
To obtain this information, you can follow these steps within Azure Active Directory:
- Navigate to the Azure Portal by visiting https://portal.azure.com.
- Access the Azure Active Directory resource.
- Copy the Tenant ID value displayed on the screen.
2. Client ID (also known as Application ID)
The Client ID serves as a unique identifier assigned to an application upon its registration in Azure Active Directory. This identifier plays a critical role in recognizing the application during its interactions with Azure AD. It is frequently utilized as a component of the authentication process to verify the identity of the application making requests.
To retrieve the Client ID, follow these steps:
- Access the Azure Portal at https://portal.azure.com.
- Go to the Azure Active Directory resource.
- In the left menu, select “App Registrations.”
- Create a new application registration.
- Copy the Application (Client) ID that is provided.
3. Client Secret (also known as Application Secret or Client Key)
The Client Secret is a secure string that functions as a password or key for the application. This secret is crucial for authenticating the application when it makes requests to Azure AD or accesses protected resources. The Client Secret is generated during the application registration process and must be kept confidential to maintain the application's security integrity.
To obtain the Client Secret, you can follow these steps:
- Log in to the Azure Portal at https://portal.azure.com.
- Access the Azure Active Directory resource.
- In the left menu, click on “App Registrations.”
- Select the application you created in the previous step.
- Navigate to the “Client credentials” section.
- Go to the “Client Secrets” tab.
- Add a new secret for your application.
4. Allowed Domains
This setting filters the users retrieved from Azure Active Directory based on the domain names of their email addresses.
For instance, if a client wishes to exclude users with email addresses that contain “@hotmail.com,” this property can be configured to filter those users out from the import job, ensuring that only the desired users are processed.
Example: “@hotmail.com,@gmail.com”
Configure Application Permissions
- While still in the Azure Portal, on the left navigation pane, click on "Azure Active Directory."
- Select "Permissions Explorer" to set up the required permissions for your application.
- Choose "Other category" and search for "Microsoft Graph."
- Select "Microsoft Graph" from the results and then choose the appropriate permissions for your application. For example, selecting "Directory.Read.All" will allow your application to read directory information.
- Click on "Add permissions" to save the changes you made.
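Before the Tenant ID, Client ID and Client Secret are handed over, the registration can be checked for working credentials and for permissions no broader than intended. The script below is an added example, not Genius code: it requests an app-only Microsoft Graph token with the client-credentials flow and lists any application permission in the token's `roles` claim beyond "Directory.Read.All". The environment variable names and the expected permission set are assumptions made for this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Assumption: Directory.Read.All is the only Graph application permission intended.
EXPECTED_ROLES = frozenset({"Directory.Read.All"})


def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth 2.0 client-credentials request for a Graph token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    data = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=data, method="POST")


def fetch_token(tenant_id, client_id, client_secret):
    """Send the request; a wrong ID or secret raises urllib.error.HTTPError."""
    req = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)["access_token"]


def granted_roles(access_token):
    """Return the application permissions listed in the token's 'roles' claim.
    The payload is decoded for inspection only; the signature is not verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def excess_roles(access_token, expected=EXPECTED_ROLES):
    """Permissions granted to the app beyond the expected set."""
    return granted_roles(access_token) - set(expected)


if __name__ == "__main__":
    # Hypothetical variable names; read from the environment so the secret
    # never lands in shell history or in the script itself.
    token = fetch_token(os.environ["AZ_TENANT_ID"], os.environ["AZ_CLIENT_ID"],
                        os.environ["AZ_CLIENT_SECRET"])
    print("granted:", sorted(granted_roles(token)))
    print("beyond expected:", sorted(excess_roles(token)) or "none")
```

An empty "granted" list means no application permission has been consented yet; any entry under "beyond expected" is a permission to remove from the registration before the secret is shared.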
How to Configure Genius
Client Settings
At this stage, the development team should collect these four pieces of information from the client, which will be manually added to the job configuration process.
Job Configuration
Once the developer has added this information, the client must navigate to the Admin Tab and access the Edit Jobs page. Here, the client will have the ability to create or edit the job titled “ActiveDirectory.Azure.StartFunction,” which can then be scheduled according to their specific needs.