Note: These instructions are for the 'classic' Azure portal. If you are using the new Azure portal, please use these instructions instead. If you are unsure which portal you are using, check the address bar: a URL beginning with "https://manage.windowsazure.com/..." is the CLASSIC portal; a URL beginning with "https://portal.azure.com/..." is the NEW portal.
The Azure AD Integration allows system administrators to synchronize users from your Azure Active Directory into the archive system. The feature is designed to minimize the administration of users across multiple systems: once the integration is established, users from your Azure Active Directory are synchronized into the archive system on a schedule.
Note: This is a synchronization of user details only. Setting up single sign-on is a separate process.
To set up a new integration or manage an existing one, navigate to the main settings page by selecting the cog in the top navigation bar, then select "Manage" in the Azure AD Sync panel.
- Add the archive application to your Azure management portal
- From your Azure management portal, navigate to the Applications section (Active Directory > [Directory] > Applications). Select 'Add' and then 'Add an application my organization is developing'.
- Give the application a name that will identify it within your Azure management portal and select 'Web application and/or web API'.
- Enter the Sign-on URL and App ID URI provided in step 1 of setting up a new directory sync from within the archive system.
- To generate a key, select a duration, either 1 or 2 years.
- Scroll to the bottom of the page to assign permissions to other applications.
- For Windows Azure Active Directory, open the 'Application Permissions' dropdown and select the "Read directory data" checkbox.
- Open the 'Delegated Permissions' dropdown. By default "Sign in and read user profile" is selected. Deselect it, then select "Read directory data".
- Click the 'SAVE' icon in the center of the bottom of the page.
- The application should be created, displaying the message "Successfully updated the configuration for [your app name]. Succeeded"
- The Key has now been generated in the Key field. Copy and store the key value; you will not be able to retrieve it after you leave this page. The key is the application's client secret: anyone holding it, together with the Client ID and Tenant ID, can read your directory, so keep it in a password or secrets manager rather than in email or a ticket, and if it is lost or exposed, generate a new key and delete the old one.
- Once you have added the archiving application to your Azure management portal, navigate to the application's 'Quick Start' page in Azure. Click the 'Configure' tab of your application to access the Client ID, configure keys and assign permissions.
- You will need both the Client ID and a generated key.
- Next, the Tenant ID is part of the Quick Start URL for your Active Directory and your application. It is the same for every application you create within the same Active Directory.
- Enter the Client ID, generated Key, and Tenant ID into the specified fields in the archive application
- Once you've successfully established a connection between Azure and the archive application, you'll be able to map your attributes to the relevant fields.
- Email address, username (which can be the email address if you wish), and name are the only fields synchronized for the time being. This will be expanded as the application evolves.
- Lastly, the system will summarize your mapping and confirm the sync frequency. Currently the only option is a nightly sync; as the application evolves you'll be able to customize this frequency.
- Finishing the setup will start an initial sync.
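Before entering the Client ID, key and Tenant ID into the archive application, it is worth confirming that the three values actually work together and that the "Read directory data" permission was saved. The following PowerShell script is an added example, not code from the archive system or from the original article. It performs the same OAuth 2.0 client-credentials flow the sync relies on and assumes the Azure AD Graph resource (`https://graph.windows.net`, the API the classic portal's "Windows Azure Active Directory" permission applies to). The key is read from an environment variable named `ARCHIVE_AAD_KEY` (a name chosen for this example) so that it does not end up in shell history.

```powershell
# Added example: validate the Client ID / key / Tenant ID triple with the
# client-credentials flow and "Read directory data" permission the sync uses.
# Assumptions: Azure AD Graph as the resource; key supplied via ARCHIVE_AAD_KEY.
param(
    [Parameter(Mandatory)][string]$TenantId,   # GUID from the Quick Start URL
    [Parameter(Mandatory)][string]$ClientId    # from the Configure tab
)

$key = $env:ARCHIVE_AAD_KEY
if ([string]::IsNullOrEmpty($key)) { throw 'Set ARCHIVE_AAD_KEY to the generated key first.' }

# 1. Token request against the v1 endpoint used by classic-portal applications.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $key
        resource      = 'https://graph.windows.net'
    }

# 2. Decode the token payload locally and check the application roles it carries.
#    "Directory.Read.All" is the role behind the "Read directory data" checkbox;
#    if it is missing, the permission was not assigned or not saved.
$payload = $tokenResponse.access_token.Split('.')[1]
$payload += '=' * ((4 - $payload.Length % 4) % 4)      # restore base64url padding
$claims  = [Text.Encoding]::UTF8.GetString(
              [Convert]::FromBase64String($payload.Replace('-', '+').Replace('_', '/'))) |
           ConvertFrom-Json
if ($claims.roles -notcontains 'Directory.Read.All') {
    throw "Token has no Directory.Read.All role (roles: $($claims.roles -join ', ')). " +
          "Check the application permission and that the configuration was saved."
}

# 3. Read one page of users, showing only the attributes the sync maps.
$users = Invoke-RestMethod -Method Get `
    -Uri "https://graph.windows.net/$TenantId/users?api-version=1.6&`$top=5" `
    -Headers @{ Authorization = "Bearer $($tokenResponse.access_token)" }

$users.value | Select-Object userPrincipalName, mail, displayName, accountEnabled | Format-Table
```

Run it as `.\Check-ArchiveSync.ps1 -TenantId <guid> -ClientId <guid>` after setting `$env:ARCHIVE_AAD_KEY` in the same session. A failure at step 1 means the Tenant ID, Client ID or key is wrong; a failure at step 2 means the permission is missing; a 403 at step 3 with the role present usually means the key was generated before the permission was saved and a fresh token is needed. Azure AD Graph has since been retired by Microsoft; on a current tenant the equivalent check targets Microsoft Graph (`resource = 'https://graph.microsoft.com'`, endpoint `/v1.0/users`) with the same role check.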
Status and Management
Once integrated, the status of your Active Directory integration can be monitored from the settings page. The current status, the time of the last sync, and any conflicts can be reviewed and managed there; credentials and attribute mappings can be updated by selecting 'Manage' within the relevant section.
Users in your Azure Active Directory will be created automatically in the archive system. These users are initially 'disabled' (see the KB article on enabling users for more information). Synchronized users are also not assigned any role in the system, so when you enable them you will need to assign a role as well (see the KB article on assigning user roles; this can be done individually or in bulk).
Similarly, users that are deleted from your Azure Active Directory after having been added to the archive system will be disabled on the next sync, so that their access is restricted.
Locating the Office 365 Tenant ID
Choose one of the following procedures.
Use the Azure AD portal
Office 365 uses Azure AD to manage user accounts.
You can find your tenant ID in the Azure AD portal. You'll need to be an Azure AD administrator.
To find your Office 365 tenant ID in the Azure AD portal
Log in to Azure AD as an administrator.
(You can reach Azure AD from the Office 365 Admin center by selecting Azure AD on the Admin centers list.)
In the Azure AD portal, click Active Directory.
In the Active Directory list, click the directory that you're using with your Office 365 tenant.
The tenant id for your Office 365 tenant is displayed as part of the URL:
Use Windows PowerShell
You can use Windows PowerShell to find the tenant ID. You'll need the Microsoft Azure PowerShell module.
Open a Microsoft Azure PowerShell command window and run the following script, entering your Office 365 credentials when prompted.
Your tenant ID is listed in the output.
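The PowerShell script referred to above is not reproduced on this page. As an added example, not the article's own script, the following resolves the tenant ID in two ways. Method A uses the unauthenticated OpenID Connect discovery document, which needs no module and no sign-in: the issuer URL it returns ends in the tenant GUID. Method B signs in with the AzureAD PowerShell module and reads the tenant object's `ObjectId`, which is the same value. It assumes you know one verified domain of the tenant (for example `contoso.onmicrosoft.com`) and, for Method B only, that the AzureAD module is installed.

```powershell
# Added example: two ways to obtain an Azure AD / Office 365 tenant ID.
# Assumptions: a verified domain of the tenant is known; AzureAD module for Method B.
param(
    [Parameter(Mandatory)][string]$Domain   # e.g. 'contoso.onmicrosoft.com'
)

# Method A: unauthenticated OpenID Connect discovery. The issuer is of the form
# https://sts.windows.net/<tenant GUID>/ so the ID can be read from it directly.
$config = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$Domain/.well-known/openid-configuration"
if ($config.issuer -notmatch '/([0-9a-f-]{36})/?$') {
    throw "Unexpected issuer format: $($config.issuer)"
}
$tenantFromDiscovery = $Matches[1]
"Tenant ID (discovery): $tenantFromDiscovery"

# Method B: authenticated, via the AzureAD module. Sign in with an account in the
# directory when prompted; Get-AzureADTenantDetail returns the tenant object whose
# ObjectId is the tenant ID. Comparing it with Method A catches signing in to the
# wrong directory, which is easy to do with an account that is a guest elsewhere.
if (Get-Module -ListAvailable -Name AzureAD) {
    Connect-AzureAD | Out-Null
    $tenant = Get-AzureADTenantDetail
    "Tenant ID (AzureAD module): $($tenant.ObjectId)  ($($tenant.DisplayName))"
    if ($tenant.ObjectId -ne $tenantFromDiscovery) {
        Write-Warning "Signed-in tenant differs from the one resolved for $Domain; check which account you used."
    }
}
```

Because Method A works for any domain without credentials, it is also a useful sanity check that a tenant ID someone hands you really belongs to the directory you expect before you enter it into the archive application.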