Set up Azure
    • 01 May 2024
    • PDF

    Set up Azure

    • PDF

    Article summary

    SysAid’s Azure integration allows you to more efficiently manage the users in your company from one central location, by automatically pulling user data from Azure to SysAid. The integration runs these data imports about every 24 hours; saving time and preventing human error that could occur from manually copying the data. This integration can be configured for multiple Azure tenants.

    While this imports user information from Azure within SysAid, the users themselves cannot access SysAid unless you also enable the Office 365 Single Sign On integration.

    Important

    If you have users that were imported via LDAP integration, to avoid duplicate users and problems with authentication, make sure that:

    • The users have the same email addresses in the Azure and LDAP repositories

    • The Sync user based on email address check box is selected in the Azure integration settings

    To run these two integrations simultaneously, see Set Up Azure as a Secondary User Repository below.

    1. From the SysAid Marketplace, get the Azure addon.

    2. On the main My apps page, in the Azure icon, click  .

    3. In the Azure dashboard, navigate to Azure Active Directory > Custom Domain Names.

    4. Copy the name that's in the Available status.
       IntegrationAzurefilesTenantname1Tenantname1.png

    5. Back in SysAid, paste the name into the Tenant Name field.

    6. In Azure, navigate to Azure Active Directory > App Registrations.

    7. Click New Registration.
       IntegrationOffice365NewRegistrationNewRegistration.jpg

    8. In the Name field, enter a name for the application (for example "SysAid Login").

    9. Click Register.
       TeamsSettingsfilesRegisterApplication.jpg

    10. Back in the overview screen, click Add a Redirect URI.
       azureSettingsfilesAppRegistration.jpg

    11. Click Add a Platform.
       azureSettingsfilesAddPlatform.jpg

    12. Click Web.
       azureSettingsfilesWeb.jpg

    13. In the Redirect URL column, add your SysAid account URI.
       azureSettingsfilesRedirectURLRedirectURL.png

    14. Click Configure.

    15. Click Overview.

    16. Copy the application (client) ID.
       azureSettingsfilesApplicationID.jpg

    17. Back in SysAid, paste the copied text into the Client ID field.

    18. Set Microsoft Graph permissions in Azure.

      1. In Azure, navigate to Overview > View API permissions.

      2. Click Add Permissions.

      3. Click Select an API.

      4. Select Microsoft Graph.

      5. Select the following permissions from the Application Permissions section:

        • Group.Read.All

        • TeamMember.Read.All

        • User.Export.All

        • User.Read.All

      6. Select the following permissions from the Delegated Permissions section:

        • Group.Read.All

        • GroupMember.Read.All

        • User.Export.All

        • User.Read

        • User.Read.All

        • User.ReadBasic.All

      7. Click Save.

      8. In the Required Permissions section, click Grant permissions.

      9. When prompted, click Yes.
         azureSettingsfilesAPIPermissions.png

    19. In Azure, configure a key.

      1. Navigate to Manage > Certificates and Secrets.
         azureSettingsfilesDashboard.png

      2. Click New Client Secret.

      3. Enter a key name in the description field.

      4. Select the expiration date.

      5. Click Add.
         azureSettingsfilesAddClientSecret.png

    20. Copy the contents of the key's Value column.

    21. Back in SysAid, paste the copied text into the Secret Key field.

    22. Enter the domain you want.

    23. If you are running SysAid version 20.1.14, enter the following default field mapping text in the JSON field to map.

      {"fieldsMapping":
      [{"sysAidName":"UserName" ,"azureName":"userPrincipalName", "type":"text"},
      {"sysAidName":"FirstName" ,"azureName":"givenName", "type":"text"},
      {"sysAidName":"LastName" ,"azureName":"surname", "type":"text"},
      {"sysAidName":"Location" ,"azureName":"officeLocation", "type":"list"},
      {"sysAidName":"Email" ,"azureName":"mail", "type":"text"},
      {"sysAidName":"Department" ,"azureName":"department", "type":"list"},
      {"sysAidName":"Company" ,"azureName":"companyName", "type":"list"}]}
      

      Feel free to make any changes you like.
      If you are running SysAid Cloud or a later On Premise version, see the next section for instructions on mapping fields.

    24. Click Save Changes.

    25. Click the slider to activate the integration. Note: It could take up to 12 hours for your Azure fields to be synced with SysAid. Don't edit the integration until sync is complete.

    Set up Azure as a Secondary User Repository

    If you are using another user depository (such as LDAP) with SysAid, you can select to set up Azure as a secondary user repository within SysAid. This allows you to take advantage of the SysAid features that require Azure integration while still using the user repository that you are most comfortable with. 

    To set up Azure as your secondary SysAid user repository:

    1. Select the Azure is secondary to another User Repository checkbox.

    2. Click Save Changes.