This page outlines the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users.
Note: To do this operation you need to be an admin or application owner within Zilla & have admin access with your organization's Azure Active Directory-AAD ( Specifically Global administrator role ) application.
You will see Add Application screen with Search Library tab where you may see AAD entry at the top or you may need to type aad as search text, You will see an entry for Azure Active Directory with Add to Applications button on the right side, click it,
First, in the Comma separated roles to be synced provide an AAD Specific roles list, if you want only users of certain roles on AAD to get synced. e.g. If you want to sync all Azure AD users leave this box empty. If you only want all users which are having Global administrator & Global reader roles your configuration will look like as follows:
Note: If any roles are provided, the Sync All Accounts? (Yes/No) value will be considered No, even if you say Yes
Second, Is this a directory? (Yes/No) if this is your organization directory then say Yes otherwise if it is a non-directory app say No, e.g. An organization that uses AAD as the directory will have the following configuration, By default, it will be No
Sync All Accounts? ( Yes/No ) filling Yes here would sync all your organization users, No will sync only users who have any roles assigned to them, User without any roles will not be synced. Default value Yes (unless roles are specified under Comma separated roles to be synced in which case this configuration will always be No
Finally, Sync All Groups? ( Yes/No ) will sync all groups from AAD if provided Yes otherwise only security-enabled groups are synced. Default is No
None of the above 1-4 configs are mandatory. Click the Next button,
Next, you will see a small dialog In the next step, you may be asked to log in to Azure Active Directory - first instance, and then sync will start automatically. Click Next
You will be taken to Microsoft site where you need to log in with the user with Admin ( Global administrator ) role for AAD & grant consent on behalf of the organization. Click Accept, On successful OAuth, you will be redirected to Zilla Web Application. With Sync in progress... message for newly added AAD application.
You are done, now you can visit various tabs of the Application Details page for AAD on Zilla, to see what application data is brought in by sync, e.g. Accounts tab will have details of user accounts that are brought in.
If you see some errors or need further assistance, please contact Zilla Support.
Note: In some cases, the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users with your organization's AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request the request will need to be approved within the Azure portal by a Global Administrator as shown in the steps below:
Step 1. Global Reader initiates Azure AD Sync to Zilla. A consent request will be created in the Azure AD portal.
Step 2. In Azure AD go to Enterprise Applications, then Admin Consent Requests. The pending request appears waiting for approval.
Step 3. The Global Administrator approves the permissions request.
