
Overview

This document provides instructions on how to connect to an API to import data from this application into your instance of Zilla.

In this guide, you will:

  1. Launch your application from inside Zilla

  2. Set up an API configuration

  3. Send your data securely to Zilla

Step-by-Step Instructions

This page outlines the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users.

Note: To perform this operation, you need to be an admin or application owner within Zilla and have admin access (specifically the Global administrator role) to your organization's Azure Active Directory (AAD) application.

  • Log in to Zilla with your admin credentials.

  • On the Zilla Applications tab, locate the Add Application button at the top right and click it.

  • The Add Application screen opens on the Search Library tab. The AAD entry may appear at the top; if it does not, type aad as the search text. Find the entry for Azure Active Directory and click the Add to Applications button on its right side.

  • A dialog appears. Fill in the required Instance Name field and, optionally, the Owner and criticality fields. Click Add to Applications.

  • The AAD instance is added to your Applications and appears in the list. Click the AAD app name.

  • The detailed AAD Application page opens. Click the Sync now button at the top right.

  • A dialog appears. Enable API Integration.

  • Once API Integration is enabled, more customization options appear:

  1. First, in Comma separated roles to be synced, provide a list of AAD-specific roles if you want only users with certain AAD roles to be synced. For example, to sync all Azure AD users, leave this box empty. To sync only users who have the Global administrator and Global reader roles, your configuration will look as follows:

    Note: If any roles are provided, the Sync All Accounts? (Yes/No) value is treated as No, even if you enter Yes.

  2. Second, Is this a directory? (Yes/No): enter Yes if this is your organization's directory, or No if it is a non-directory app. For example, an organization that uses AAD as its directory would enter Yes. The default is No.

  3. Sync All Accounts? (Yes/No): Yes syncs all of your organization's users. No syncs only users who have roles assigned to them; users without any roles are not synced. The default is Yes (unless roles are specified under Comma separated roles to be synced, in which case this setting is always No).

  4. Finally, Sync All Groups? (Yes/No): Yes syncs all groups from AAD; otherwise only security-enabled groups are synced. The default is No.

None of settings 1-4 above is mandatory. Click the Next button.

  • Next, you will see a small dialog stating: "In the next step, you may be asked to log in to Azure Active Directory - first instance, and then sync will start automatically." Click Next.

  • You are taken to the Microsoft site, where you need to log in as a user with the Admin (Global administrator) role for AAD and grant consent on behalf of the organization. Click Accept. On successful OAuth, you are redirected to the Zilla web application, which shows a Sync in progress... message for the newly added AAD application.

  • On successful sync, you will see a notification as follows:

  • You are done. You can now visit the various tabs of the Application Details page for AAD in Zilla to see what application data the sync brought in. For example, the Accounts tab lists the details of the user accounts that were synced.

  • If you see some errors or need further assistance, please contact Zilla Support.
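The four sync options described above interact: a non-empty role list overrides Sync All Accounts?, and each field has its own default. The sketch below is an added example, not Zilla's code; it models the documented precedence so you can predict which accounts and groups a given configuration puts in scope. The function names, the case-insensitive any-of role matching, and the sample users and groups are assumptions made for illustration.

```python
# Added illustration: a model of the documented option precedence, not Zilla's code.

def yes_no(value, default):
    """Parse a Yes/No field; an empty field takes the documented default."""
    v = (value or "").strip().lower()
    if not v:
        return default
    if v not in ("yes", "no"):
        raise ValueError(f"expected Yes or No, got {value!r}")
    return v == "yes"

def effective_settings(roles_csv="", is_directory="", all_accounts="", all_groups=""):
    roles = [r.strip() for r in roles_csv.split(",") if r.strip()]
    return {
        "roles": roles,
        "is_directory": yes_no(is_directory, False),   # default No
        # Any listed role forces Sync All Accounts? to No, even if Yes was entered.
        "sync_all_accounts": False if roles else yes_no(all_accounts, True),
        "sync_all_groups": yes_no(all_groups, False),   # default No
    }

def accounts_in_scope(settings, users):
    # Assumption: role names match case-insensitively, and holding any one
    # listed role is enough to be synced.
    wanted = {r.lower() for r in settings["roles"]}
    synced = []
    for user in users:
        held = {r.lower() for r in user["roles"]}
        if wanted:
            keep = bool(wanted & held)
        elif settings["sync_all_accounts"]:
            keep = True
        else:
            keep = bool(held)  # No: only users with some role assigned
        if keep:
            synced.append(user["upn"])
    return synced

def groups_in_scope(settings, groups):
    return [g["name"] for g in groups
            if settings["sync_all_groups"] or g["security_enabled"]]

# Constructed sample directory data (not from a real tenant).
USERS = [
    {"upn": "alice@example.com", "roles": ["Global administrator"]},
    {"upn": "bob@example.com", "roles": ["Global reader"]},
    {"upn": "carol@example.com", "roles": ["User administrator"]},
    {"upn": "dave@example.com", "roles": []},
]
GROUPS = [
    {"name": "sec-finance", "security_enabled": True},
    {"name": "all-staff-dl", "security_enabled": False},
]
```

Comparing the output for the default settings with the output for a role-restricted configuration shows how much directory data each choice sends to the integration.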

Note: In some cases, the process of configuring and using the Azure Active Directory API through Zilla to sync permissions and users with your organization's AAD may be done by an Azure user with Global Reader permissions. When an Azure Global Reader makes the initial sync request, the request will need to be approved within the Azure portal by a Global Administrator, as shown in the steps below:

Step 1. Global Reader initiates Azure AD Sync to Zilla. A consent request will be created in the Azure AD portal.

Step 2. In Azure AD go to Enterprise Applications, then Admin Consent Requests. The pending request appears waiting for approval.

Step 3. The Global Administrator approves the permissions request.

When you have finished with all the steps above, review the information in Zilla that was synced.

Having trouble? Try our Troubleshooting articles or contact support@zillasecurity.com.
