Azure AD
How to create an Azure AD Connector app to connect to Azure Active Directory (Microsoft Entra ID).
Log in to the Azure Portal
If there are multiple tenants to choose from, use the Settings icon in the top menu to open the Directories + subscriptions menu and switch to the tenant in which the application needs to be registered
Browse to App Registration and select New registration
On the App Registration page, enter the information below and click the Register button.
Name: (Enter a meaningful application name that will be displayed to users of the app)
Supported account types:
Select which accounts the application will support. The options should be similar to the below screenshot.
“Accounts in this organizational directory only” can be selected.
Leave the Redirect URI empty and click Register
Note the Application (client) ID, Directory (tenant) ID values
Navigate to Manage -> Certificates and secrets on the left menu, to create a new client secret
Provide a meaningful description and expiry for the secret, and click Add
Once a client secret is created, note its Value and store it somewhere safe. NOTE: this value cannot be viewed once this page is closed.
Navigate to Manage -> API permissions on the left menu, and Add a permission
Select Microsoft APIs -> Microsoft Graph
Select Application permissions
Permissions required
Scanning only:
Microsoft Graph > Application permissions > AuditLog > AuditLog.Read.All
Microsoft Graph > Application permissions > Directory > Directory.Read.All
Once all the required permissions are added, click Grant admin consent
Navigate to Administration -> Data Sources -> Azure AD -> New scan
Provide the Directory (tenant) ID, Application (client) ID and Client Secret value generated in the above steps from the Azure application
Save the configuration
Once the configuration is saved, click on the icon on the right and select Start trustee scan to begin scanning
The scan results can be viewed under Dashboard -> Access Governance