Configuration for Microsoft Cloud (O365/Azure)

Open the Identity Syncronizer® Management Studio and select the “Microsoft Cloud” tab.

1. Enter the user name and password of a local AD administrator in the “AD Admin User” and “AD Admin Password” fields.

2. Log into Azure using the credentials provided in the Odin Control Panel.

Log into the CCP

Click on the Office 365 tab, then click the “show” link to reveal the password.

Then, use those credentials to log into Azure (https://portal.azure.com)

Click on “Azure Active Directory”

Click on “App registrations”

Click on “New Application registration” near the top of the screen

Enter the following information for the application:

Name: can be anything, for ease of identification “IDSync” is recommended

Application type: Web app / API

Sign-on URL: https://idsync.com

Click on the “Create” button

Click on the newly created application

Copy the value in the “Application ID” field: it populates the “Client ID” field in the “Microsoft Cloud” tab of the Identity Syncronizer® Management Studio configuration.

Then, create a key for the application

Click on “Keys”

Enter the following data:

Key description: any text can be entered here; “IDSync Access” is recommended

Duration: any of the values can be used. If any value other than “Never Expires” is chosen, a new key will have to be generated and entered in the configuration when this key expires, so note the expiry date.

Click the “Save” button; this fills in the key value field.

Copy the value and paste it into the “Client key” field in the Identity Syncronizer® configuration. The key value is displayed only while you remain on this page, so copy it before navigating away.

Click on “Required Permissions”

Click “Add” to allow API access

Select the following APIs and permissions:

API: Office 365 Exchange Online

Permissions:
- Read contacts in all mailboxes
- Read and write contacts in all mailboxes
- Read and write all user mailbox settings

API: Microsoft Graph

Permissions:
- Read all hidden memberships
- Read all groups
- Read and write all groups
- Read directory data
- Read and write directory data
- Read all users’ full profiles
- Read and write all users’ full profiles

Now go back to the Identity Syncronizer® Management Studio and enter the O365 administrator user name and password (from the Odin Control Panel) in the IDSync configuration.

Enter the name of the O365 tenant in the “tenant” field. This is generally the text after the “@” in the user name; in this example it is “idsyncdevelopment.onmicrosoft.com”.

Click the “Apply” button to save the configuration.

Run the following commands in PowerShell (MSOnline module). Here “b1f6d042-8c09-4227-9996-5e16a3086d54” is the Client ID entered in the IDSync configuration:

$msolcred = Get-Credential

Connect-MsolService -Credential $msolcred

Get-MsolServicePrincipal -AppPrincipalId b1f6d042-8c09-4227-9996-5e16a3086d54

Copy the Object ID from the output (a321047c-0e28-4f32-9dba-726dae4834de in this example) and run the following PowerShell command to give the IDSync application the privileges it needs:

Add-MsolRoleMember -RoleName "User Account Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId a321047c-0e28-4f32-9dba-726dae4834de
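The role-assignment step above as one re-runnable script, added here as an example and not part of the original guide or the IDSync product: it resolves the service principal from the Client ID, adds it to the role only if it is not already a member, and then lists every service principal holding the role so the result can be verified. It assumes the MSOnline module is installed; the Client ID is a placeholder to be replaced with the value from the IDSync configuration.

```powershell
# Added example (not from the original guide). Requires the MSOnline module
# (Install-Module MSOnline) and an account allowed to manage directory roles.
$ClientId = "<client-id-from-idsync-configuration>"   # placeholder: paste the Application ID here
$RoleName = "User Account Administrator"

$cred = Get-Credential
Connect-MsolService -Credential $cred

# Resolve the service principal that Azure created for the app registration
$sp = Get-MsolServicePrincipal -AppPrincipalId $ClientId
if (-not $sp) {
    throw "No service principal found for application $ClientId. Check the Client ID and that the app registration exists in this tenant."
}
Write-Host "Service principal: $($sp.DisplayName)  ObjectId: $($sp.ObjectId)"

# Look up the role and its current members so the script is safe to re-run
$role    = Get-MsolRole -RoleName $RoleName
$members = Get-MsolRoleMember -RoleObjectId $role.ObjectId
$already = $members | Where-Object { $_.ObjectId -eq $sp.ObjectId }

if ($already) {
    Write-Host "$($sp.DisplayName) is already a member of '$RoleName'; nothing to do."
} else {
    Add-MsolRoleMember -RoleName $RoleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $sp.ObjectId
    Write-Host "Added $($sp.DisplayName) to '$RoleName'."
}

# Verify: list all service principals holding this role so any unexpected entry stands out
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq "ServicePrincipal" } |
    Select-Object DisplayName, ObjectId, RoleMemberType
```

The final listing is worth keeping in your change record: the IDSync application should be the only service principal you expect to see in this role.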