Microsoft Entra ID

Policy Manager can interact with Microsoft Entra ID (formerly Azure) to retrieve directory objects and perform policy enforcement. This source supports authorization only, not authentication.

Appropriate Microsoft Graph permissions must be granted to the Microsoft Entra ID application in order for Policy Manager to fetch the expected directory objects. Figure 1 displays the permissions that must be granted to fetch user group information.

 

Aruba recommends that the new Microsoft Graph default permission Application.Read.All also be granted. This permission enables Policy Manager to send a notification when the clear text secrets configured for the Microsoft Entra ID application connected to Policy Manager are expiring.

Figure 1  Grant Appropriate Microsoft Graph Permissions
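The following is an added example, not taken from Aruba's documentation or Policy Manager's code. It shows the kind of secret-expiry check that read access to the application object (Application.Read.All) makes possible, run over a constructed Microsoft Graph application object. The 30-day warning window, the function names, and all sample values are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: trimmed shape of a Microsoft Graph application object
# (GET /applications, readable with Application.Read.All). All values are made up.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000001",
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111", "displayName": "old-secret",
     "endDateTime": "2025-01-10T00:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222", "displayName": "current-secret",
     "endDateTime": "2025-02-20T12:30:00.1234567Z"},
    {"keyId": "33333333-3333-3333-3333-333333333333", "displayName": "new-secret",
     "endDateTime": "2026-06-01T00:00:00Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds may carry up to 7 digits."""
    whole, _, frac = value.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0  # truncate to microseconds
    dt = datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=micro, tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """Return (displayName, keyId, state, days_left) per client secret, soonest first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        end = cred.get("endDateTime")
        if end is None:  # defensive: treat a missing end date as non-expiring
            rows.append((cred.get("displayName"), cred["keyId"], "no-expiry", None))
            continue
        left = parse_graph_time(end) - now
        if left <= timedelta(0):
            state = "expired"
        else:
            state = "expiring" if left <= timedelta(days=warn_days) else "ok"
        rows.append((cred.get("displayName"), cred["keyId"], state, left.days))
    return sorted(rows, key=lambda r: (r[3] is None, r[3]))

if __name__ == "__main__":
    now = datetime(2025, 2, 1, tzinfo=timezone.utc)  # fixed "now" for a repeatable run
    for row in secret_status(SAMPLE_APP, now):
        print(row)
```
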

To configure the Microsoft Entra ID service:

1. Navigate to Configuration > Authentication > Sources. The Authentication Sources page opens.

2. Click the Add link. The Add Authentication Sources page opens with the General tab displayed. Each configuration parameter is empty, and the authentication source type is undefined.