Page Comparison

1. Login to Microsoft Azure Active Directory with your admin credentials.

2. Click Microsoft Entra ID Azure Active Directory to be redirected to your tenant’s overview page.
   

   Image RemovedImage Added

3. Copy and save the Primary domain for the tenant you want to sync for use in a later step.
   

   

4. Login to Zilla with your admin credentials.
   

   

5. You will see your Zilla Applications tab, click Add Application button at the top right.
   

   Image RemovedImage Added

6. You will see Add Application screen with Search Library tab. Type entra aad as search text, and click Add to Applications button on the right side of the Microsoft Entra ID (Azure Active Directory) entry.
   

   Image RemovedImage Added

7. Fill in the form with appropriate details and click Add to Applications button.
   

   Image RemovedImage Added

8. The Entra ID AAD instance will be added to your Applications, and you will be brought to click the Azure Active Directory application name.
   

   Image Added

9. You will see a detailed application instance page. Click Sync now in the top right corner.
   

   Image RemovedImage Added

10. A dialogue appears, enable API Integration.
    

    Image RemovedImage Added

11. Upon enabling the API Integration more customization customisation options appear.

    Image RemovedImage Added

    1. AAD tenant's domain name - Fill in the domain name saved above.

    2. Sync All Groups? ( Yes/No ) - Yes will sync all groups from Entra IDAzure Active Directory, No will only sync security-enabled groups. Default value: No.

    3. Comma-separated attributes that identify a user - Provide an Entra ID AAD-specific attribute (e.g., employeeId, jobTitle, department, etc) for which you want to sync Entra ID AAD users. For example, if you specify department, only accounts that have a defined department will be imported. If multiple attributes are specified, all accounts having at least one of the attributes defined will be imported. Be sure to refer to this document before entering the attribute, otherwise all the accounts will be marked as Service if the attribute does not match with what is specified in the document.

    4. Auto Discover Azure Cloud subscriptions? (Yes/No) - Yes will auto-discover all the Azure Cloud subscriptions and create application instances for them in Zilla. Default value: No.

    5. Auto Sync discovered subscriptions? (Yes/No ) - Yes will automatically sync the auto-discovered subscriptions when the parent is synced. This value should be set to No if Auto Discover Azure Cloud subscriptions? (Yes/No) is set to No. Default value: No.

    6. Enable account modifications? (Yes/No) - Yes will automatically revoke group memberships, group ownerships and permissions that have been flagged for revocation after an access review during a sync. Note: This setting is only available if Account Modifications are enabled in the tenant Settings.

    7. Sync last login? (Yes/No) - Yes will bring lastLogin for a user. Default No.
       
       Note:

       1. To complete configuration of this setting you must reauthenticate after setting Yes, check “Reauthenticate API integration” box if this is not the first sync.

       2. Also, user who is authorizing the sync should have one of the following roles:

          1. Global Administrator

          2. Global Reader

          3. Security Administrator

          4. Security Reader

          5. Conditional Access Administrator

       3. The last login data that is synced matches what is displayed on the User’s Overview page.

          

    8. Comma separated custom select fields (e.g., country, id) - This configuration allows you to retrieve additional fields from Microsoft Entra ID Azure Active Directory (AAD) by specifying a comma-separated list of field names. For example, you can input "city, officeLocation" to retrieve the city and office location field. For more info refer this https://learn.microsoft.com/en-us/graph/query-parameters?tabs=http#select-parameter.

...

12. Click Sync Now.

13. Click Next.
    

    

14. You will be taken to the Microsoft site where you need to log in with a user with the Admin (Global administrator) role for Azure portal AAD and grant consent on behalf of the organization.

15. The consent screen will look like the image below when Auto Discover Azure Cloud subscriptions? (Yes/No) is set to Yes.

    

16. The consent screen will look like the image below when Auto Discover Azure Cloud subscriptions? (Yes/No) is set to No.

    

17. The consent screen will look like the image below when Enable account modifications? (Yes/No)(Yes/No) is set to Yes. Highlighted permissions are the new ones for consent if you have previously synced Entra ID AAD with Enable account modifications? (Yes/No) set as No.

    

18. Click Accept. On successful OAuth, you will be redirected to Zilla with Sync in progress... message for newly added Entra ID AAD application instance.

19. On successful sync, you will see the following notification:
    

    Image RemovedImage Added

Note: In some cases, the process of configuring and using Entra ID the Azure Active Directory API through Zilla to sync permissions and users with your organization's Entra ID AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request the request will need to be approved within the Azure portal by a Global Administrator as shown in the steps below:

Step 1. Global Reader initiates Entra ID Azure Active Directory sync with Zilla.  A consent request will be created in the Azure Active Directory portal.

...

Step 2. In Entra ID Azure Active Directory go to Enterprise applications, then Admin consent requests. The pending request appears waiting for approval.

...

...