Overview
This will allow Microsoft Entra ID users to sync to the TraitWare Admin Console. This step is a prerequisite for using TraitWare to authenticate to Microsoft Office 365 and other Microsoft services, including EAM.
TABLE OF CONTENTS
- Create Azure Application and Secret
- Set Graph API Permissions
- Set Graph API Credentials in TraitWare Console
- Create Group in Entra/Azure
- Set Up TraitWare User Sync
- Additional Information
Create Azure Application and Secret
- Navigate to the Microsoft Azure Portal. Sign in using the credentials provided. Under Azure Services, click on Entra ID
- Under Manage on the left column, click App registrations. Then click New Registration to create a new application
- Create a name that’ll identify this new application, such as a “TraitWare graphAPI”. Leave other settings as default, select register at the bottom
- Once the application appears, click on the newly created application name. This will change the options under Manage on the left column.
- Select Certificates & secrets. Then select New client secret, write a description for the new secret and change the expiration date to 730 days (2 years).
- Click add at the bottom.
- The new secret will be temporarily displayed.
- Copy that value into the TraitWare Console User settings page or else the secret will not be displayed again.
- A new secret can always be regenerated if needed but it will require redoing the previous step.
Set Graph API Permissions
- In the left column under Manage select API permissions. Then select + Add a permission
- Select Microsoft Graph, then click Application Permissions
- Scroll down to user or type ‘user’ into the search field. Click on the drop down arrow and select User.ReadWrite.All and User.Read.All and select add permissions
- Scroll down to group or type ‘group’ into the search field. Click on the drop down arrow and select Group.Read.All and select add permission
- Scroll down to directory or type ‘directory' into the search field. Click on the drop down arrow and select Directory.Read.All and add permission
- Scroll down to IdentityProvider or type ‘identity' into the search field. Click on the drop down arrow and select IdentityProvider.ReadWrite.All and add permission.
- Select Yes to confirm consent. A confirmation message should indicate successfully granted permissions
- Green check marks should appear in the Status column
Set Graph API Credentials in TraitWare Console
- In the application just created in Azure, select Overview on the left to see the application Overview. TraitWare will need some of the information provided below the display name.
- Application (client) ID and Directory (tenant) ID will need to be copied to the TraitWare Console User Sync screen, along with the Secret generated earlier.
- In the TraitWare Console, navigate to User Sync>Sync Settings.
- Enter the Application (client) ID, Directory (tenant) ID and Secret in the Entra Environment Settings.
Create Group in Entra/Azure
Create groups in Entra/Azure to sync groups of users to TraitWare. If is not recommended to sync all users because that will also sync non-human accounts.
- Navigate to Entra ID/Azure. Select groups from the left column, then select new group from the taskbar
- Select Security under Group type.
- Enter the name of the group and description.
- Click Create
- Once created, the page will return to Groups. New groups take approximately 2 minutes to populate.
- Click on the newly created group and click the copy button on the right side of the Object Id field
- Click on Members on the left side of the browser window. Click on Add members. Search for users to add to the group. When finished click Select. The users will be added to the group
Set Up TraitWare User Sync
- Navigate to the TraitWare console, click on User Sync on the left menu column.
- Select Microsoft Graph API from the sync type dropdown.
- Paste the Application (client) ID, Directory (tenant) ID, and Client Secret generated earlier into the corresponding fields.
- Select Save Changes when done.
- Entra groups individually sync by default. Wait approximately 5 minutes for the users to sync from Entra AD to TraitWare. The users should populate in the TraitWare Console by refreshing the User page
**Note: Synchronize All Users toggle will synchronize all users in the tenant to the TraitWare console. Do not enable unless syncing all users is desired
Additional Information
- For steps on how to federate your Microsoft tenant domain using, go here.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article