Integrate with Azure Active Directory
Configure an app registration on Azure Active Directory to enable SaaS Security to retrieve users and groups.
If you performed an Azure Active Directory
integration for SaaS Security API, SaaS Security Inline
uses that same integration framework, and you do not need to repeat
this integration.
SaaS Security integrates with Azure Active Directory (AD), a cloud-based
identity and access management service. After Azure AD connects to SaaS Security, the service retrieves
your groups, which you can specify in your SaaS policy rule recommendations.
Creating policy rule recommendations based on user group membership
rather than individual users simplifies administration because you
don’t need to update the recommendation whenever group membership
changes.
To integrate Azure AD, you need to:
- Configure an application registration on Azure AD.
- Connect Azure AD to SaaS Security.
- Select the AD groups you want to scan.
Configure an Application Registration on Azure AD
As you create an application on Azure AD to assign
SaaS Security the necessary permissions to establish a connection
with Azure AD and retrieve groups, record the Directory ID, Application ID,
and Application Key because you will need this information later to
connect Azure AD to SaaS Security.
- Log in to Microsoft Azure and select Azure Active Directory > App registrations > New registration.
- Enter a Name, select Accounts in this organizational directory only, and click Register.
- Copy the Application (client) ID.
- Copy the Directory (tenant) ID.
- Click API permissions > Add a permission > Microsoft Graph > Application permissions.
- Select Directory > Directory.Read.All. Enable permissions to read directory data to allow SaaS Security to connect to the Azure AD application to read users, groups, and apps in the organization’s directory.
- Select Group > Group.Read.All and Add permissions. Enable permissions to read all groups to allow Azure Active Directory to list groups, read their properties and membership, and enable SaaS Security to populate a list of groups to scan.
- Click Grant consent and click Yes to confirm permission change.
- Select Certificates & secrets > New client secret, enter a Description, select an expiration, and click Add.
- Copy the unique Client secret (Application Key).
Connect Azure Active Directory to SaaS Security
You need to connect Azure AD to SaaS Security
so that SaaS Security Inline and SaaS Security API can retrieve
all your AD groups.
After you
connect Azure AD to SaaS Security Inline, you might need to wait
up to 24 hours for all your AD groups to display in the SaaS Security
Inline web interface.
- Verify that you have an Azure AD account with administrator privileges.
- Log in to SaaS Security.
- Select Settings > Directory Services > Connect New.
- Select Azure Active Directory, then enter AD information.
  - Directory ID
  - Application ID
  - Authentication Key
- Save to authenticate Azure Active Directory. You can give your Azure AD instance a descriptive name other than the default name, which is Azure Active Directory n, to differentiate it from other instances.