Retrieve Groups from Azure Active Directory

This section describes how to retrieve user and group information from Azure Active Directory. OmniGroupServer retrieves this information through the Microsoft Graph API.

To use the Microsoft Graph API, you must go to the Azure portal and register an application to represent OmniGroupServer. Full instructions about how to create an application are available in the Microsoft documentation.

OmniGroupServer has the following requirements:

To obtain OAuth tokens

  1. In the OmniGroupServer installation directory, open oauth_tool.cfg.
  2. In the [Azure] section, set the following configuration parameters:

    AppKey: The application key (client ID) provided by Microsoft.
    AppSecret: The application secret (client secret) provided by Microsoft.
    AuthorizeUrl: The OAuth authorize URL. If you are using a single-tenant Azure Active Directory, specify your tenant ID in place of the value "common".
    TokenUrl: The OAuth token URL. If you are using a single-tenant Azure Active Directory, specify your tenant ID in place of the value "common".
  3. From the command line, run the following command:

    oauth_tool oauth_tool.cfg Azure

    The OAuth configuration tool obtains the token needed to authenticate with the Microsoft Graph API, and creates the file oauth.cfg containing the information.
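
A pre-flight check for the files this procedure touches, as an added example (not part of the OmniGroupServer documentation or tooling): it lints the [Azure] section of oauth_tool.cfg and tests whether a secret-bearing file such as oauth_tool.cfg or oauth.cfg is accessible to other accounts. The function names, the single_tenant flag and the sample values are assumptions constructed for illustration, and the file-mode check applies to POSIX systems.

```python
import os
import re
import stat
from urllib.parse import urlparse

REQUIRED = ("AppKey", "AppSecret", "AuthorizeUrl", "TokenUrl")

# Constructed sample input: host names, key and tenant placeholder are not real values.
SAMPLE = """\
[Azure]
AppKey=00000000-0000-0000-0000-000000000000
AppSecret=
AuthorizeUrl=https://login.example.invalid/common/oauth2/authorize
TokenUrl=http://login.example.invalid/TENANT-ID-PLACEHOLDER/oauth2/token
"""

def parse_sections(text):
    """Parse [Section] and Key=Value lines; accepts '[A] < "file" [B]' include headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_azure_section(text, single_tenant=True):
    """Return a list of findings for the [Azure] section of oauth_tool.cfg."""
    azure = parse_sections(text).get("Azure", {})
    findings = [f"missing {k}" for k in REQUIRED if not azure.get(k)]
    for key in ("AuthorizeUrl", "TokenUrl"):
        if not azure.get(key):
            continue
        url = urlparse(azure[key])
        if url.scheme != "https":
            findings.append(f"{key} is not https")
        if single_tenant and "common" in url.path.split("/"):
            findings.append(f"{key} still uses 'common' instead of the tenant ID")
    return findings

def exposed_to_others(path):
    """True if the file grants any permission to group or other (POSIX mode bits)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    print("\n".join(audit_azure_section(SAMPLE)))
```

Run the audit before invoking oauth_tool, and run exposed_to_others against both oauth_tool.cfg and the generated oauth.cfg afterwards, since both hold credentials in plain text.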

To retrieve security information from Azure Active Directory

  1. Open the OmniGroupServer configuration file.
  2. In the [Repositories] section, create a repository. For example:

    [Repositories]
    Number=1
    0=AzureAD
    
    [AzureAD]
  3. Include the OAuth configuration parameters necessary to authenticate with Azure Active Directory. For example:

    [AzureAD] < "oauth.cfg" [OAUTH]
  4. Set the following configuration parameters:

    GroupServerLibrary: The path (including the file name) to the library file that allows the group server to access the repository. Use the library ogs_azure.
    MicrosoftGraphApiUrl: The base URL of the Microsoft Graph API. If your Azure Active Directory instance is single-tenant, you must specify your tenant ID in place of "common".
    UseSystemProxy: Specifies whether to obtain details about your HTTP proxy from the system. You might need to configure a proxy server to access the Microsoft Graph API.
    SSLMethod: The SSL/TLS version to use.

    For example:

    [AzureAD] < "oauth.cfg" [OAUTH]
    GroupServerLibrary=ogs_azure
    MicrosoftGraphApiUrl=https://graph.windows.net/common/
    UseSystemProxy=true
    SSLMethod=negotiate
    

    For a complete list of configuration parameters that you can use, refer to the OmniGroupServer Reference.

  5. Save and close the OmniGroupServer configuration file.
