Overview

This document provides instructions on how to connect to an API to import data from this application into your instance of Zilla.

In this guide, you will:

  1. Launch your application from inside Zilla

  2. Set up an API configuration

  3. Send your data securely to Zilla

Step-by-Step Instructions

Note: To perform this operation you need to be an admin or application owner within Zilla and have admin access to your organization's Azure Active Directory (AAD) application, specifically the Global administrator role.

  1. Log in to Azure Active Directory with your admin credentials.

  2. Click Azure Active Directory. From there you will be redirected to your tenant’s overview page.

  3. Save the Primary domain for the tenant you want to sync for use in a future step.

  4. Log in to Zilla with your admin credentials.

  5. You will see your Zilla Applications tab. Click the Add Application button at the top right.

  6. You will see the Add Application screen with the Search Library tab. Type aad as the search text, and click the Add to Applications button on the right side of the Azure Active Directory entry.

  7. Fill in the form with the appropriate details and click the Add to Applications button.

  8. The AAD instance will be added to your Applications. Click the Azure Active Directory application name.

  9. You will see a detailed application instance page. Click Sync now in the top right corner.

  10. A dialog appears. Enable API Integration.

  11. Upon enabling the API Integration, more customization options appear.

    1. AAD tenant's domain name - Fill in the domain name saved from Step 4 in .

    2. Comma separated roles to be synced - Provide a list of AAD-specific roles if you want only users with certain AAD roles to be synced. For example, if you want to sync all Azure Active Directory users, leave this box empty. If you only want users who have the Global administrator and Global reader roles, your configuration will look like:

      Note: If any roles are provided, the Sync All Accounts? (Yes/No) value will be considered No, even if you say Yes.

    3. Is this a directory? (Yes/No) - If this is your organization's directory, input Yes; if it is a non-directory application, input No. By default the value is No.

    4. Sync All Accounts? ( Yes/No ) - Yes will sync all of your organization’s users, No will sync only users who have any roles assigned to them. Users without any roles will not be synced. By default the value is Yes, unless roles are specified under Comma separated roles to be synced in which case this configuration will always be No.

    5. Sync All Groups? ( Yes/No ) - Yes will sync all groups from Azure Active Directory if provided, otherwise only security-enabled groups are synced. By default the value is No.

    6. Comma separated attributes that identify a user - Provide an AAD-specific attribute (job title, department, etc.) for which you want to sync AAD users. For example, if you specify department, only accounts that have a defined department will be imported.

    Click Next.

  12. Click Next again.

  13. You will be taken to the Microsoft site, where you need to log in as a user with the Admin (Global administrator) role for AAD and grant consent on behalf of the organization. Click Accept. On successful OAuth, you will be redirected to Zilla with a Sync in progress... message for the newly added AAD application instance.

  14. On successful sync, you will see the following notification:

Note: In some cases, the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users with your organization's AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request, the request will need to be approved within the Azure portal by a Global Administrator, as shown in the steps below:

Step 1. Global Reader initiates Azure Active Directory sync to Zilla. A consent request will be created in the Azure Active Directory portal.

Step 2. In Azure Active Directory go to Enterprise applications, then Admin consent requests. The pending request appears waiting for approval.

Step 3. The Global Administrator approves the permissions request by clicking Accept.

Note: If you try to sync in a tenant other than the one for which you entered the domain, Microsoft will return an error message.

When you have finished with all the steps above, review the information in Zilla that was synced.
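To check the synced accounts against what the step 11 options should have selected, the sketch below models the precedence rules described there. It is an added example, not Zilla's code: the function names, the user records (constructed, on example.com), case-insensitive role matching, and the assumption that the attribute filter applies in addition to the role filter are all illustrative.

```python
# Added illustration (not Zilla code): models the account-selection rules
# described for the step 11 sync options.

def parse_csv(value):
    """Split a comma separated option value, dropping blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]

def effective_sync_all(sync_all_accounts, roles):
    """Per the note in step 11: if any roles are provided, Sync All Accounts is treated as No."""
    return sync_all_accounts and not roles

def select_accounts(users, roles_csv="", sync_all_accounts=True, attributes_csv=""):
    """Return the UPNs that the documented options would select for sync."""
    roles = {r.lower() for r in parse_csv(roles_csv)}  # assumption: case-insensitive match
    attrs = parse_csv(attributes_csv)
    sync_all = effective_sync_all(sync_all_accounts, roles)
    selected = []
    for user in users:
        user_roles = {r.lower() for r in user.get("roles", [])}
        if roles:
            # Role list given: only users holding at least one listed role.
            if not user_roles & roles:
                continue
        elif not sync_all and not user_roles:
            # Sync All Accounts = No: users without any role are skipped.
            continue
        # Assumption: every listed attribute must be defined on the account,
        # and this filter is applied on top of the role filter.
        if any(not user.get(attr) for attr in attrs):
            continue
        selected.append(user["upn"])
    return selected

# Constructed sample directory, not real tenant data.
USERS = [
    {"upn": "alice@example.com", "roles": ["Global Administrator"], "department": "IT"},
    {"upn": "bob@example.com", "roles": ["Global Reader"]},
    {"upn": "carol@example.com", "roles": ["User Administrator"], "department": "HR"},
    {"upn": "dave@example.com", "roles": [], "department": "Sales"},
    {"upn": "erin@example.com", "roles": []},
]

if __name__ == "__main__":
    # Sync All Accounts = Yes is overridden because roles are listed.
    print(select_accounts(USERS, "Global administrator, Global reader", True))
```
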

Having trouble? Try our Troubleshooting articles or contact support@zillasecurity.com.