VIDEO: Configure Azure in Active Roles 7.2 And Above (Part 1 of 2) (234767)

Enhancement Request ID 139546 has been created to simplify the Azure Configuration process and to move it to the Active Roles Configuration Center.

Product Management will evaluate the request and this feature may become available in a future release of the product. There are no guarantees that this specific enhancement request will be implemented in a future release. For more information regarding our Enhancement Request policy, refer to our Global Support Guide on the Support Portal at: https://support.oneidentity.com/essentials/support-guide/

The below steps outline the process of integrating Microsoft Azure with Active Roles 7.2 so that Active Roles can create and edit objects. A video is available below.

For steps on configuring the Active Roles Synchronization Service for a Back Sync which links objects already in Azure with on-prem Active Directory objects, please see Part 2.

1. Log into the Azure Portal and choose Help | Show Diagnotics. This will download a file called PortalDiagnostics.json which contains the necessary information.
2. Open PortalDiagnostics.json in WordPad and find the "tenants" section. This will contain the id and domainName which are required in order to complete the integration.
3. In the Active Roles Web Interface, click on Directory Management | Azure Configuration and choose the option to Add Azure Tenant
4. The Azure Tenant Name must be the domainName from PortalDiagnostics.json. The Azure Tenant ID must be the id from PortalDiagnostics.json.
5. An Azure Service Account which has the Global Administrator role must be used for the initial Azure configuration and to complete the following steps. After the configuration is complete, the Global Administrator Role can be retained or the Azure service account can be changed to have both the User Management Administrator and Exchange Administrator roles.
6. The Azure Tenant Type can be confirmed in the Azure Portal under Azure Active Directory | Custom Domain Names. If the Domain is not checked off as Federated then it must be integrated as a Non-Federated Domain if AADConnect is not being used and as a Synchronized Domain if it is.
7. After the Azure Tenant has been added, choose the option to Add Azure Application
8. The Display Name must be unique on the Azure side. The Azure Tenant ID must be the id from PortalDiagnostics.json.
9. After the Azure application has been added, the necessary permissions must be granted using the Consent URL. Open the URL and log in with a Global Administrator account. Choose Accept.
10. In the Active Roles Console, expand Configuration | Policies | Administration | Builtin
11. Link the Built-in Policy - Azure - Default Rules to Generate Properties to the containers where the on-prem Active Directory accounts for Azure Users will reside.
12. On those same containers, using Advanced Properties, set the edsvaAzureOffice365Enabled attribute to TRUE. Optionally, also set edsvaAzureOffice365EnabledIncludeChildOUs so that child containers are also selected.

NOTE: In Active Roles 7.4.3, step 12 can be skipped because of Enhancement ID 99213 which sets edsvaAzureOffice365Enabled to TRUE if the Built-in Policy - Azure - Default Rules to Generate Properties policy is linked.