Entra ID (Azure AD) API Connector

Start setup in Kantega SSO Enterprise

To add an Entra ID API Connector / User Directory, navigate to KSSO > Cloud user provisioning. Then add an Entra ID API Connector.


The form below should appear. The next step is to create an application and credentials in Entra ID, which will give you the values needed to complete the form.


Configure Microsoft Entra ID (Azure AD)


Open a separate browser tab and log into the Azure portal:

Add the app

Go to App registrations in Azure portal: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade


Click the "New registration" button. Give your app a name and leave "Supported account types" unchanged.

Leave the Redirect URI type as "Web" and paste in the Redirect URI value shown in the Kantega Single Sign-on wizard.


Click "Register". Copy the "Application (client) ID" value into the "Application Id" field of the form in Kantega Single Sign-on.

Generate a password

Click "Certificates & secrets" in the left menu.


Select the "Client secrets" tab and click "New client secret".

Add a description and set Expires to the desired value (recommended: 6 months). Click "Add". Note the expiry date: once the secret expires, the connector can no longer authenticate until a new secret is created and entered in the form.

Copy the Value of the new secret (it is shown only once) and paste it into the "Client secret" field of the form in Kantega Single Sign-on.

Configure permissions

  • Select "API permissions" in the left menu.

  • Click "Add a permission".



Click the "Microsoft Graph" tile at the top, then select "Application permissions" and check the following permissions:

  • expand the Directory item and check Directory.Read.All

  • expand the Group item (you may need to scroll) and check Group.Read.All

  • expand the User item and check User.Read.All

Click "Add permissions".

Click the "Grant admin consent for <account>" button, and then click "Yes".
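Added verification step (example code written for this page, not part of Kantega SSO or this guide): once admin consent is granted, an app-only token obtained with the new client secret should carry exactly the three application permissions above in its roles claim. The Python below decodes such a token locally and reports missing roles, surplus roles (an over-privileged registration) and an Application Id mismatch; the token and app id it uses are constructed placeholders so it runs offline, and the 30-day secret expiry warning threshold is an assumed value.

```python
import base64
import json
from datetime import datetime, timedelta

# Application permissions the connector needs, exactly as granted in the steps above.
REQUIRED_ROLES = {"Directory.Read.All", "Group.Read.All", "User.Read.All"}
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

def decode_jwt_payload(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying its signature. Fine for
    inspecting a token you obtained yourself; never authorize on unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_app_token(token: str, expected_app_id: str) -> dict:
    """Compare an app-only Graph token against the configuration on this page."""
    claims = decode_jwt_payload(token)
    granted = set(claims.get("roles", []))             # app permissions after admin consent
    app_id = claims.get("appid") or claims.get("azp")  # v1 tokens use appid, v2 use azp
    return {
        "missing_roles": sorted(REQUIRED_ROLES - granted),  # connector will fail
        "extra_roles": sorted(granted - REQUIRED_ROLES),    # over-privileged registration
        "app_id_matches": app_id == expected_app_id,        # the Application Id in the form
        "audience_is_graph": claims.get("aud") in GRAPH_AUDIENCES,
    }

def secret_expiry_warning(expires_on: str, now: str, warn_days: int = 30) -> bool:
    """True when the client secret (ISO-8601 dates) expires within warn_days (assumed 30)."""
    return datetime.fromisoformat(expires_on) - datetime.fromisoformat(now) <= timedelta(days=warn_days)

def make_unsigned_token(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned token so the check runs offline (no Entra ID call)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"  # placeholder, not a real registration
SAMPLE_TOKEN = make_unsigned_token({                     # constructed: one permission too many
    "aud": "https://graph.microsoft.com",
    "appid": SAMPLE_APP_ID,
    "roles": ["Directory.Read.All", "Group.Read.All", "User.Read.All", "User.ReadWrite.All"],
})

if __name__ == "__main__":
    print(check_app_token(SAMPLE_TOKEN, SAMPLE_APP_ID))
```

To run it against a real registration, obtain a token with the client-credentials flow using the Application Id and client secret from the form and pass it to check_app_token in place of the constructed sample.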


Go back to Kantega SSO

Complete the setup in Kantega SSO Enterprise

Check that everything looks correct on the KSSO Azure AD API Connector setup page and submit your setup.

Add user directory

A user directory must be created to hold users and groups from Azure AD. Verify the configuration before adding the user directory. Check “Use nested groups” if you use nested groups in Azure AD.