Azure AD synchronization

The goal is to use Azure Active Directory as an identity provider for Trustelem.
This requires creating an “app” (an app registration) in the Azure AD admin console that authorizes Trustelem to query Azure AD data.

Create an Azure Active Directory directory on Trustelem
  • Go to the Directories tab
    https://admin-mydomain.trustelem.com/app#/directories

  • Click on Create and select Azure Active Directory.

Define the target Azure subscription

In the Tenant ID field, enter the tenant ID of your Azure subscription, e.g. contoso.onmicrosoft.com.

Authorize Trustelem to connect to Azure
  • Connect to https://portal.azure.com with an admin account

  • Go to Azure Active Directory, then App registrations

  • Click on the +Add button

  • If needed, in the Owner section, add an administrator

  • In the Required Permissions section, add a permission and choose Microsoft Graph

    • Click on Application permissions
    • Select the permission Read directory data in the Directory section
    • Click on the Grant permissions button to apply the update.
  • Apply these permissions by clicking on Grant admin consent for [Your Company]

  • Go to Overview, copy the value shown in Application (client) ID and paste it in the Client ID field on Trustelem

  • Go to Certificates and secrets, click on New client secret, give it a name and confirm it

  • Then copy the content of the Value field and paste it in the ClientSecret field on Trustelem (the value is only displayed once, so copy it immediately)

Use Azure passwords for authenticating users on Trustelem (optional)
  • On the admin page of the app created above, go to Authentication

  • In Advanced settings, set the Treat application as a public client option to Yes

  • Copy the Client ID value again and paste it in the Client ID field on Trustelem (needed for compatibility with older Azure versions)
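The following is an added example, not Trustelem’s own code, showing what the values collected above are used for: the Tenant ID, Client ID and client secret feed an OAuth 2.0 client-credentials request to Azure AD (the app-only flow behind directory synchronization), while the “public client” setting from the optional section allows a resource-owner-password request that carries the user’s Azure password and no client secret. It also shows a check worth running once the app is configured: decode the app-only token Azure AD returns and confirm it carries the consented Read directory data role (Directory.Read.All) for Microsoft Graph; an empty roles claim is the usual symptom of admin consent not having been granted. The tenant, client ID, secret and the token fed to the check are constructed placeholders; the ROPC scope value is an assumption; nothing is sent over the network.

```python
"""Added example (not Trustelem's code): the two Azure AD token requests built
from the values collected in this guide, plus an offline check that an
app-only token carries the consented Directory.Read.All role."""
import base64
import json
from urllib.parse import urlencode

GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# Application permission shown as "Read directory data" in the Azure portal.
DIRECTORY_READ_ROLE = "Directory.Read.All"


def token_endpoint(tenant_id: str) -> str:
    """Azure AD v2.0 token endpoint for the tenant entered as 'Tenant ID'."""
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def client_credentials_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """App-only request used for directory synchronization: the app authenticates
    with its own client secret, no user is involved."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }
    return token_endpoint(tenant_id), body


def ropc_request(tenant_id: str, client_id: str, username: str, password: str) -> tuple:
    """Resource-owner-password request, the flow that 'Treat application as a
    public client = Yes' permits: the user's Azure password is sent directly and
    no client secret is included. The scope value is an assumption."""
    body = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": "openid https://graph.microsoft.com/User.Read",
    }
    return token_endpoint(tenant_id), body


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature. Sufficient for
    inspecting what Azure AD issued to us; any consumer of the token must still
    verify the signature against the tenant's published signing keys."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def has_directory_read(token: str) -> bool:
    """True when an app-only token is for Microsoft Graph and carries the
    Directory.Read.All application role granted by admin consent."""
    claims = jwt_claims(token)
    return (claims.get("aud") == "https://graph.microsoft.com"
            and DIRECTORY_READ_ROLE in claims.get("roles", []))


def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped token with a dummy signature. Constructed input for
    exercising has_directory_read() offline; not a real Azure AD token."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Placeholder tenant/client/secret values, not real credentials.
    url, body = client_credentials_request(
        "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000", "SECRET-PLACEHOLDER")
    print(url)
    print(urlencode(body))
    consented = make_unsigned_jwt({"aud": "https://graph.microsoft.com", "roles": [DIRECTORY_READ_ROLE]})
    not_consented = make_unsigned_jwt({"aud": "https://graph.microsoft.com"})
    print("consented:", has_directory_read(consented), "not consented:", has_directory_read(not_consented))
```

The client secret in the first request is equivalent to the app’s directory-read access, so it should be stored with the same care as any service credential; the second request is the reason the optional section asks for the public-client setting, since without it Azure AD rejects a password grant that has no secret attached.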

Notes:

  • If you have the Office 365 application in Trustelem, it means you have federated an Azure domain.

  • For a federated domain, Azure AD disables user passwords.

  • If the passwords are disabled, Trustelem cannot validate them through the API and therefore cannot use Azure passwords to authenticate users on Trustelem.