This section describes how to retrieve user and group information from an Azure Active Directory. OmniGroupServer retrieves information from Azure Active Directory through the Microsoft Graph API.
To use the Microsoft Graph API, you must go to the Azure portal and register an application to represent OmniGroupServer. Full instructions about how to create an application are available in the Microsoft documentation.
OmniGroupServer has the following requirements:
http://localhost:7878/oauth). The "type" of the redirect URI should be "Web".
API Permissions. OmniGroupServer requires the following delegated permissions:
Directory.Read.All
offline_access
To obtain OAuth tokens
oauth_tool.cfg.
In the [Azure] section, set the following configuration parameters:
AppKey | The application key (client ID) provided by Microsoft.
AppSecret | The application secret (client secret) provided by Microsoft.
AuthorizeUrl | The OAuth authorize URL. If you are using a single-tenant Azure Active Directory, specify your tenant ID in place of the value "common".
TokenUrl | The OAuth token URL. If you are using a single-tenant Azure Active Directory, specify your tenant ID in place of the value "common".
From the command line, run the following command:
oauth_tool oauth_tool.cfg Azure
The OAuth configuration tool obtains the token needed to authenticate with the Microsoft Graph API, and creates the file oauth.cfg containing the information.
To retrieve security information from Azure Active Directory
In the [Repositories] section, create a repository. For example:
[Repositories]
Number=1
0=AzureAD

[AzureAD]
Include the OAuth configuration parameters necessary to authenticate with the Azure Active Directory. For example:
[AzureAD]
< "oauth.cfg" [OAUTH]
Set the following configuration parameters:
GroupServerLibrary | The path (including the file name) to the library file that allows the group server to access the repository. Use the library ogs_azure.
MicrosoftGraphApiUrl | The base URL of the Microsoft Graph API. If your Azure Active Directory instance is single-tenant, you must specify your tenant ID in place of "common".
UseSystemProxy | Specifies whether to obtain details about your HTTP proxy from the system. You might need to configure a proxy server to access the Microsoft Graph API.
SSLMethod | The SSL/TLS version to use.
For example:
[AzureAD]
< "oauth.cfg" [OAUTH]
GroupServerLibrary=ogs_azure
MicrosoftGraphApiUrl=https://graph.windows.net/common/
UseSystemProxy=true
SSLMethod=negotiate
For a complete list of configuration parameters that you can use, refer to the OmniGroupServer Reference.
Save and close the OmniGroupServer configuration file.
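A pre-deployment check for the settings described above, as an added example that is not part of the OmniGroupServer product or its documentation: it flags URL parameters that still contain "common" when the directory is single-tenant, URLs that are not HTTPS, and configuration files (which hold AppSecret or tokens) that other accounts can read. The parser, the function names and the sample URL values are assumptions made for illustration.

```python
import os
import re
import stat

# Parameters named on this page whose URLs may carry the "common" placeholder.
URL_KEYS = ("AuthorizeUrl", "TokenUrl", "MicrosoftGraphApiUrl")

def parse_sections(text):
    """Parse [Section] and Key=Value lines; other lines (such as includes) are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text, single_tenant, path=None):
    """Return a list of findings for one configuration file."""
    findings = []
    for name, params in parse_sections(text).items():
        for key in URL_KEYS:
            url = params.get(key)
            if url is None:
                continue
            if not url.lower().startswith("https://"):
                findings.append(f"[{name}] {key}: not an https URL")
            if single_tenant and re.search(r"/common(/|$)", url.lower()):
                findings.append(f"[{name}] {key}: still uses 'common', tenant ID expected")
    # Files holding AppSecret or tokens should be accessible to the service account only.
    if path and os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append(f"{path}: accessible by group or others")
    return findings

# Constructed sample input; the URL values are illustrative, not taken from the page.
SAMPLE = """\
[Azure]
AppKey=00000000-0000-0000-0000-000000000000
AppSecret=PLACEHOLDER
AuthorizeUrl=https://login.microsoftonline.com/common/oauth2/authorize
TokenUrl=https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/token
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, single_tenant=True):
        print(finding)
```

Pass `path` for both oauth_tool.cfg and the generated oauth.cfg so that the permission check covers the client secret and the stored token.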