...
Login to Azure Active Directory with your admin credentials.
Click
Azure Active Directory, and from their there you will be redirected to your tenant’s overview page.
Save the Primary domain for the tenant you want to sync for use in a future step.
Login to Zilla with your admin credentials.
You will see your Zilla Applications tab, click
Add Applicationbutton at the top right top.
You will see Add Application screen with Search Library tab. Type
aadAADas search text, and clickAdd to Applicationsbutton on the right side of the Azure Active Directory entry.
Fill in the form with appropriate details and click
Add to Applicationsbutton.
The AAD instance will be added to your Applications, click the Azure Active Directory application name.
You will see a detailed application instance page. Click
Sync nowin the top right corner.
A dialog dialogue appears, enable API Integration.
Upon enabling the API Integration more customization options appear.
4 in .AAD tenant's domain name- Fill in the domain name saved fromStepComma separated roles to be synced- Provide an AAD Specific roles list if you want only users of certain roles on AAD to get synced. For example, if you want to sync all Azure Active Directory users leave this box empty. If you only want all users which haveGlobal administrator & Global readerroles your configuration will look like:Note: If any roles are provided, the
Sync All Accounts? (Yes/No)value will be consideredNo, even if you sayYes.
3.
, unless roles are specified underSync All Accounts? ( Yes/No )-Yeswill sync all of your organization’s users,Nowill sync only users who have any roles assigned to them. Users without any roles will not be synced. By default, the value isYesComma separated roles to be syncedin which case this configuration will always beNo.
Sync All Groups? ( Yes/No )-Yeswill sync all groups from Azure Active Directory if provided, otherwise, only security-enabled groups are synced. By default, the value isNo.Comma-separated attributes that identify a user- Provide an AAD-specific attribute (job title, department, etc) for which you want to sync AAD users. For example, if you specify a department, only accounts that have a defined department will be imported.
Click
NextAuto Discover Azure Cloud subscriptions? (Yes/No)-Yesallows you to auto-discover all the Azure Cloud subscriptions, by default the value isNo.Auto Sync Child Apps? (Yes/No )-Yesallows the auto-discovered subscriptions to be automatically synced when the parent is synced, by default the value isNo. This value should be set toNoifAuto Discover Azure Cloud subscriptions? (Yes/No)is set toNo.Click
Sync Now.Click
Nextagain.
You will be taken to the
Microsoftsite where you need to login log in with the user with the Admin (Global administrator) role for AAD and grant consent on behalf of the organization.The consent screen will look like the image below when
Auto Discover Azure Cloud subscriptions? (Yes/No)is set toYes.
The consent screen will look like the image below when
Auto Discover Azure Cloud subscriptions? (Yes/No)is set toNo.
Click
Accept. On successful OAuth, you will be redirected to Zilla withSync in progress...message for newly added AAD application instance.
On successful sync, you will see the following notification:
Note: In some cases, the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users with your organization's AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request the request will need to be approved within the Azure portal by a Global Administrator as shown in the steps below:
Step 1. Global Reader initiates Azure Active Directoy Directory sync to with Zilla. A consent request will be created in the Azure Active Directory portal.
...