
Note: To do this operation you need to be an admin or application owner within Zilla and have admin access with your organization's Azure Active Directory (AAD) application, specifically the Global administrator role.

  1. Log in to Azure Active Directory with your admin credentials.

  2. Click Azure Active Directory; from there you will be redirected to your tenant’s overview page.

  3. Save the Primary domain for the tenant you want to sync for use in a future step.

  4. Log in to Zilla with your admin credentials.

  5. You will see your Zilla Applications tab; click the Add Application button at the top right.

  6. You will see the Add Application screen with the Search Library tab. Type aad as search text, and click the Add to Applications button on the right side of the Azure Active Directory entry.

  7. Fill in the form with appropriate details and click the Add to Applications button.

  8. The AAD instance will be added to your Applications; click the Azure Active Directory application name.

  9. You will see a detailed application instance page. Click Sync now in the top right corner.

  10. A dialog appears; enable API Integration.

  11. Upon enabling the API Integration, more customization options appear.

    1. AAD tenant's domain name - Fill in the domain name saved from Step 4 in .

    2. Comma separated roles to be synced - Provide an AAD-specific roles list if you want only users of certain roles on AAD to get synced. For example, if you want to sync all Azure Active Directory users, leave this box empty. If you only want users who have the Global administrator & Global reader roles, your configuration will look like: [Image]

       Note: If any roles are provided, the Sync All Accounts? (Yes/No) value will be considered No, even if you say Yes.

    3. Is this a directory? (Yes/No) - If this is your organization's directory then input Yes, otherwise if it is a non-directory application input No. By default the value is No.

    4. Sync All Accounts? (Yes/No) - Yes will sync all of your organization’s users, No will sync only users who have any roles assigned to them. Users without any roles will not be synced. By default the value is Yes, unless roles are specified under Comma separated roles to be synced, in which case this configuration will always be No.

    5. Sync All Groups? (Yes/No) - Yes will sync all groups from Azure Active Directory if provided, otherwise only security-enabled groups are synced. By default the value is No.

    None of the above 1-4 configs are mandatory. Click the Next button.

    6. Comma separated attributes that identify a user - Provide an AAD-specific attribute (job title, department, etc.) for which you want to sync AAD users. For example, if you specify department, only accounts that have a defined department will be imported.

    Click Next.

  12. Click Next again.

  13. You will be taken to the Microsoft site, where you need to log in as the user with the Admin (Global administrator) role for AAD and grant consent on behalf of the organization. Click Accept. On successful OAuth, you will be redirected to Zilla with a Sync in progress... message for the newly added AAD application instance.

  14. On successful sync, you will see the following notification: [Image]

  • You are done. You can now visit the various tabs of the Application Details page for AAD on Zilla to see what application data is brought in by sync, e.g. the Accounts tab will have details of the user accounts that are brought in.

  • If you see some errors or need further assistance, please contact Zilla Support.

Note: In some cases, the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users with your organization's AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request, the request will need to be approved within the Azure portal by a Global Administrator, as shown in the steps below:

Step 1. Global Reader initiates Azure Active Directory sync to Zilla. A consent request will be created in the Azure Active Directory portal.

Step 2. In Azure Active Directory go to Enterprise applications, then Admin consent requests. The pending request appears waiting for approval.

Step 3. The Global Administrator approves the permissions request by clicking Accept.

Note: If you try to sync in a tenant other than the one for which you have entered the domain, Microsoft will return an error message.
