Azure Active Directory (Entra ID) Onboarding

Generate credentials

1. Log in to https://azure.microsoft.com/en-gb/

2. Click on Portal.

1. Click on the Search box on the top navigation bar. Type and search “App Registrations”.

2. Click on App Registrations.

1. Click on New Registration. Add details as shown below and click Register.

https://login.microsoftonline.com/common/oauth2/nativeclient

1. Click on Certificates and secrets.

2. Click on New client secret.

3. Fill in the client secret details in the Description and Expires fields.

4. Click on Add.

1. Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.

   Example: x_sWncr4m~.2lFeKlWR1pu3SgT42lg.254

1. Configure API Permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions.

AccessReview.Read.All -> To get file sharing list of file
Application.Read.All  -> To get list of all applications.
Domain.Read.All       -> To get list of all organization domains
GroupMember.Read.All  -> To get list of all members of groups
Sites.Read.All        -> Here we have provided sites selected permission
User.Read             -> Default permission enabled for any app
User.Read.All         -> This is required for test connection on LightBeam.
ActivityFeed.Read (From Office 365 Management APIs)

Grant admin consent for all permissions.

Onboard Azure Active Directory to Lightbeam

1. Navigate to the Access Governance tab.

1. Select Directory Services.

1. Click New Directory Service.

1. Choose Azure Active Directory (Hosted)

1. Enter the connection credentials.

1. Configure the Active Directory schedule.

Your Azure Active Directory onboarding is now complete.