To create a connection to Windows Azure Active Directory, you need to use One Identity Quick Connect Sync Engine in conjunction with a special connector called Windows Azure AD Connector. This connector is included in the Quick Connect for Cloud Services package.
The Windows Azure AD Connector supports the following features:
Feature | Supported
Bidirectional synchronization: Allows you to read and write data in the connected data system. | Yes
Delta processing mode: Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. | Yes
Password synchronization: Allows you to synchronize user passwords from an Active Directory domain to the connected data system. | Yes
Secure Sockets Layer (SSL) data encryption: Uses SSL to encrypt data that is transmitted between One Identity Quick Connect Sync Engine and the connected data system. | Yes
In this section:
For instructions on how to rename a connection, delete a connection, synchronize passwords in a connected data system, or modify synchronization scope for a connection, see the One Identity Quick Connect Sync Engine Administrator Guide.
To create a connection, complete the following steps:
One Identity Quick Connect for Cloud Services reads and writes data in Windows Azure Active Directory through an application that exists in your Windows Azure Active Directory environment. This step describes how to configure such an application.
To configure an application
You can assign the required permissions to the application by running a Windows PowerShell script. Below is an example of such a script. To run the script, you need to install Windows Azure PowerShell on your computer.
# Replace <ClientID> with the Client ID of the Active Roles Azure AD Connector Application (example format: 455ad643-332g-32h7-q004-8ba89ce65ae26)
$Id = "<ClientID>"

# Prompt for Windows Azure AD Global Admin credentials.
# Save the supplied credentials to the $creds variable.
$creds = Get-Credential

# Connect to Azure AD using the credentials stored in $creds.
Connect-MsolService -Credential $creds

# Get the service principal of the Active Roles Azure AD Connector Application and save it to the $servicePrincipal variable.
$servicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $Id

# Get the object ID of the required role and save it to the $roleId variable.
# ("Company Administrator" is the name the MSOnline cmdlets use for the Global Administrator role.)
$roleId = (Get-MsolRole -RoleName "Company Administrator").ObjectId

# Assign the required permissions to the Active Roles Azure AD Connector Application.
Add-MsolRoleMember -RoleObjectId $roleId -RoleMemberObjectId $servicePrincipal.ObjectId -RoleMemberType ServicePrincipal
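To confirm that the assignment took effect and to see which other identities hold the same role, the role membership can be reviewed as shown here. This is an added example, not part of the One Identity documentation; the helper name Get-RoleHolderReview and the sample objects are assumptions made for illustration, and the live commands in the comments use the MSOnline cmdlets from the script above plus Get-MsolRoleMember.

```powershell
# Added example; not part of the One Identity documentation.
# Get-RoleHolderReview is a hypothetical helper name. It classifies the members
# of a role so the connector's assignment can be confirmed and any other
# service principal holding the same role stands out.
function Get-RoleHolderReview {
    param(
        [Parameter(Mandatory)] [object[]] $RoleMember,        # Get-MsolRoleMember output
        [Parameter(Mandatory)] [string]   $ConnectorObjectId  # $servicePrincipal.ObjectId
    )
    $found = $false
    foreach ($m in $RoleMember) {
        $type = "$($m.RoleMemberType)"
        if ("$($m.ObjectId)" -eq $ConnectorObjectId) {
            $found = $true
            $finding = 'Connector application (expected)'
        } elseif ($type -eq 'ServicePrincipal') {
            $finding = 'Other service principal, review'
        } else {
            $finding = 'User or other member'
        }
        [pscustomobject]@{
            DisplayName = $m.DisplayName
            ObjectId    = "$($m.ObjectId)"
            MemberType  = $type
            Finding     = $finding
        }
    }
    if (-not $found) {
        Write-Warning "Service principal $ConnectorObjectId is not a member of the role."
    }
}

# Live use, after Connect-MsolService (same cmdlets as the script above):
#   $sp     = Get-MsolServicePrincipal -AppPrincipalId "<ClientID>"
#   $roleId = (Get-MsolRole -RoleName "Company Administrator").ObjectId
#   $all    = Get-MsolRoleMember -RoleObjectId $roleId -All
#   Get-RoleHolderReview -RoleMember $all -ConnectorObjectId $sp.ObjectId

# Constructed sample data (names and GUIDs are made up) for an offline run:
$connectorId = '11111111-1111-1111-1111-111111111111'
$sample = @(
    [pscustomobject]@{ DisplayName = 'Quick Connect connector'; ObjectId = $connectorId; RoleMemberType = 'ServicePrincipal' }
    [pscustomobject]@{ DisplayName = 'Legacy sync app'; ObjectId = '22222222-2222-2222-2222-222222222222'; RoleMemberType = 'ServicePrincipal' }
    [pscustomobject]@{ DisplayName = 'Tenant admin'; ObjectId = '33333333-3333-3333-3333-333333333333'; RoleMemberType = 'User' }
)
Get-RoleHolderReview -RoleMember $sample -ConnectorObjectId $connectorId | Format-Table -AutoSize
```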
You need to supply the copied client ID and key when creating a new connection to Windows Azure Active Directory, or modifying an existing one, in the Quick Connect Administration Console.
To create a new connection