Entra ID (Azure AD) API Connector
Start setup in Kantega SSO Enterprise
To add an Entra ID API Connector / User Directory, navigate to KSSO > Cloud user provisioning. Then add an Entra ID API Connector.
The form below should appear. The next step is to create an application and credentials in Entra ID; the values from that registration are what you need to complete the form.
Configure Microsoft Entra ID (Azure AD)
Open a separate browser tab and log into the Azure portal:
Add the app
Go to App registrations in Azure portal: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
Click the "New registration" button. Give your app a name and leave "Supported account types" unchanged.
Set the Redirect URI type to "Web" and paste in the redirect URI value shown in the Kantega Single Sign-on wizard.
Click "Register". Copy the "Application (client) ID" value into "Application Id" field in the form in Kantega Single Sign-on.
Generate a client secret
Click "Certificates & secrets" in left menu.
Select the "Client secrets" tab and click "New client secret".
Add a description and set "Expires" to the desired value (recommended: 6 months). Click "Add". Note the expiry date: the connector stops working when the secret expires, so plan to create a new secret and update Kantega SSO before then.
Copy the VALUE of the new secret (not the Secret ID) and paste it into the "Client secret" field in the form in Kantega Single Sign-on. The value is shown only once; if you leave the page without copying it, delete the secret and create a new one.
Configure permissions
Select "API permissions" in left menu
Click "Add a permission".
Click the upper banner "Microsoft Graph".
Then select "Application permissions" (not "Delegated permissions": the connector runs without a signed-in user, so these permissions apply tenant-wide and are used with the client secret above),
expand the Directory item and check Directory.Read.All,
expand the Group item (you may need to scroll) and check Group.Read.All,
and expand the User item and check User.Read.All.
Click "Add permissions".
Click the "Grant admin consent for <tenant>" button, and then click "Yes". Until consent is granted, the permissions show as "Not granted" and the connector's Graph calls will fail with an authorization error.
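Before going back to Kantega SSO it is worth confirming that the registration, secret and admin consent actually work together. The script below is an added example, not part of the Kantega SSO documentation or product: it performs the same client-credentials token request the connector relies on (v2.0 token endpoint, scope https://graph.microsoft.com/.default), then checks that the three application permissions appear in the token's "roles" claim, which is where Entra ID places consented application permissions. The environment variable names TENANT_ID, CLIENT_ID and CLIENT_SECRET are assumptions chosen for this example; without them it falls back to a constructed, unsigned token so the check itself can be run offline.

```python
"""Check an Entra ID app registration for Microsoft Graph app-only access.

Added example, not part of Kantega SSO. Assumes (our naming) the environment
variables TENANT_ID, CLIENT_ID and CLIENT_SECRET hold the values created above.
"""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Application permissions the guide has you grant and admin-consent.
# With the client-credentials grant they show up in the token's "roles" claim.
REQUIRED_ROLES = {"Directory.Read.All", "Group.Read.All", "User.Read.All"}

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users?$select=id,displayName&$top=1"


def token_request(tenant, client_id, client_secret):
    """Build the client-credentials POST for the v2.0 token endpoint."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        # ".default" asks for every application permission already consented.
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return TOKEN_URL.format(tenant=tenant), body


def jwt_claims(token):
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(claims, required=REQUIRED_ROLES):
    """Return the required application permissions absent from the token."""
    return set(required) - set(claims.get("roles", []))


def fetch_token(tenant, client_id, client_secret):
    """Obtain an access token with the client secret (network call)."""
    url, body = token_request(tenant, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def graph_get(token, url):
    """Call Graph with the bearer token; 403 here means consent is missing."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def make_demo_token(roles):
    """Constructed, unsigned token used only for the offline demonstration."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": "https://graph.microsoft.com", "roles": roles}
    return f"{b64(header)}.{b64(payload)}."


if __name__ == "__main__":
    creds = [os.environ.get(k) for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")]
    if all(creds):
        token = fetch_token(*creds)
    else:
        print("No credentials in environment; using a constructed token that "
              "simulates a registration where admin consent was not granted.")
        token = make_demo_token(["User.Read.All"])
    missing = missing_roles(jwt_claims(token))
    if missing:
        print("Missing application permissions (add + grant admin consent):",
              sorted(missing))
        sys.exit(1)
    print("All required roles present in the token.")
    if all(creds):
        print("Sample Graph call:", graph_get(token, GRAPH_USERS_URL)["value"])
```

If the token request itself fails with an HTTP 401/400, the client ID, tenant or secret value is wrong (a common cause is pasting the Secret ID instead of the secret VALUE); if the token is issued but roles are missing, the permission was added but admin consent was not granted.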
Go back to Kantega SSO
Complete the setup in Kantega SSO Enterprise
Check that the Application Id, Client secret and the other fields on the KSSO Entra ID (Azure AD) API Connector setup page are filled in correctly, then submit your setup.
Add user directory
A user directory must be created to hold users and groups from Azure AD. Verify the configuration before adding the user directory. Check “Use nested groups” if you use nested groups in Azure AD.