To complete the procedure below, you need a SAC administrator and an Azure AD administrator who is able to grant permissions.
Part 1: Azure AD:
- Log in to Azure AD as an administrator, navigate to Azure Active Directory and select App registrations.
- Click the + New registration button.
- Enter a meaningful name for your application and add the following redirect URI:
There are additional environments whose suffix may vary; the URL above matches a tenant in the *luminatesec.com domain. If your tenant's suffix is different, change the suffix in the URL above accordingly.
- Click Register.
- Select the newly created application and go to the next step.
- Next, configure the API permissions:
- Click add a permission:
- Go to Microsoft Graph:
The permissions are divided into Delegated and Application. Open the appropriate container and look there for the required permission.
Below is the necessary permission level for a working integration:
Select the type of permission and start typing its name; the permission will appear and you can select it:
- Once you have finished adding all the appropriate permissions, be sure to click "Grant admin consent for Luminate Security". If the button is grayed out, your Azure permission level is insufficient.
- Once consent is granted, all of the pending permissions will change to Granted:
- Next, create a client secret:
- Click the Certificates & secrets option.
- Click New client secret; the following dialog will pop up:
- Provide a name and save. Copy the client secret value and keep it to hand for the SAC configuration.
- Next, go to the Overview tab and copy the Application (client) ID.
Your Azure AD is now configured.
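Before moving on to SAC, it is worth confirming that the app registration actually works and that admin consent took effect. The following added example (not part of this guide, and not code from SAC or Microsoft) requests an app-only token with the client ID and secret recorded above, then inspects the token's `roles` claim: if the claim is absent, admin consent was never granted or only delegated permissions were added. It assumes the v2.0 token endpoint with the client-credentials grant; the permission names used in the sample are constructed placeholders, not the permissions this integration requires.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumption: v2.0 endpoint; tenant, client_id and client_secret are the values
# recorded during the Azure AD steps above.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def request_app_token(tenant, client_id, client_secret):
    """Live client-credentials request for an app-only Graph token (needs network)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant), data=body) as resp:
        return json.load(resp)["access_token"]


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified,
    so never use these claims for an authorization decision."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def check_consent(claims, required, now=None):
    """Compare the application permissions in the `roles` claim with the set the
    integration needs; an empty set means admin consent is missing."""
    now = time.time() if now is None else now
    granted = set(claims.get("roles", []))
    return {
        "consented": bool(granted),
        "missing": sorted(required - granted),          # consent incomplete
        "over_privileged": sorted(granted - required),  # more than least privilege
        "expired": claims.get("exp", 0) <= now,
    }


def sample_token(roles, exp):
    """Constructed, unsigned sample token for offline use; a real one is signed."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps({'roles': roles, 'exp': exp}).encode())}.sig"
```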
Part 2: SAC:
- Log in to your SAC tenant and navigate to the admin portal.
- Under Settings > Identity providers, select New and choose Azure AD.
- Provide a meaningful name for the integration and your domain name.
- Paste the Application (client) ID and client secret created in Azure AD in the previous steps.
- Click Save and continue.
The Domain alias tells your Secure Access tenant that a user trying to log in is managed by Azure AD.
- Click Save and continue.