Azure AD or MS Entra Graph Endpoint
Configure Azure AD/Entra as an Attribute Source Connection
1. Access the Attribute Source Connections Page
Log in to the TrustLogix Dashboard.
Navigate to Integrations > Attribute Source Connections > Add
2. Configure the Connection Details
Create a separate application registration to integrate the Graph endpoint as an attribute source in TrustLogix. Follow the prerequisite steps (section 3) to obtain the details required to complete the integration.
Select Connection Type
Choose the external source (e.g., Azure Active Directory (Azure AD)).
Enter Connection Details
Configuration Name: Provide a user-friendly name (e.g., "Azure AD - HR Attributes").
Azure Tenant ID: Enter the unique identifier for the Azure AD tenant.
Client ID: Provide the application Client ID from Azure AD.
Client Secret Value: Enter the secret key for authentication.
Get the Application (client) ID and Directory (tenant) ID from the application's Overview page in Azure.
Copy the secret value when you create the client secret in the prerequisite steps.
3. Follow the Prerequisite Steps
To retrieve the necessary credentials, follow these steps:
Steps to Register a Microsoft Graph App in Azure:
Register an application
Go to Azure Portal: Visit the Azure Portal.
Navigate to Azure Active Directory: In the left-hand menu, click on Azure Active Directory.
Register a New Application:
In the Azure Active Directory panel, select App registrations.
Click on New registration at the top.
Fill in Application Details:
Name: Enter a name for your application (e.g., "Health Care Graph API").
Supported account types: Select Accounts in this organizational directory only (Default Directory only - Single tenant)
Once you’ve filled in the necessary details, click on the Register button.
Configure API Permissions:
After registration, you will be directed to the app's Overview page.
Select API permissions from the left-hand menu under Manage.
Click Add a permission > Microsoft Graph.
Choose the appropriate permissions:
Application permissions (for app-only access without a user).
Select the necessary permissions for your app (User.ReadBasic.All).
Grant admin consent by clicking Grant admin consent for Default Directory.
Note: The User.ReadBasic.All permission allows reading only a basic set of profile properties, including display name, first name, last name, email address, open extensions, and photo. To access any other user properties, the User.Read.All permission is required, and to access user group and group membership information, the GroupMember.Read.All permission is required.
Create a Client Secret:
If your app needs to authenticate without user interaction, create a client secret (application password).
Go to Certificates & secrets > New client secret.
Provide a description and set an expiration period, then click Add.
Note: Be sure to copy the secret value immediately, as you won't be able to see it again.
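Once the registration, admin consent and client secret are in place, one way to confirm the app holds only the permissions named above is to inspect the roles claim of an app-only access token issued to it. The following is an added example, not TrustLogix or Microsoft code; it assumes the token is a JWT carrying tid, appid (or azp) and roles claims, decodes it for inspection without verifying the signature, and uses constructed sample identifiers.

```python
import base64
import json

# Permissions named on this page; anything else in the token is excess privilege.
ALLOWED_ROLES = {"User.ReadBasic.All", "User.Read.All", "GroupMember.Read.All"}


def decode_claims(token):
    """Decode the JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, tenant_id, client_id, required=("User.ReadBasic.All",)):
    """Return a list of findings; an empty list means the token matches the setup."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    findings = []
    # Assumption: app-only Graph tokens carry tid, appid (or azp) and roles claims.
    if claims.get("tid") != tenant_id:
        findings.append("token issued by unexpected tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("token issued to unexpected client ID")
    for role in sorted(set(required) - roles):
        findings.append("missing permission (admin consent not granted?): " + role)
    for role in sorted(roles - ALLOWED_ROLES):
        findings.append("excess permission: " + role)
    return findings


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"

if __name__ == "__main__":
    sample = make_sample_token({"tid": TENANT, "appid": CLIENT,
                                "roles": ["User.ReadBasic.All", "Directory.ReadWrite.All"]})
    for finding in audit_token(sample, TENANT, CLIENT):
        print(finding)
```

An empty result means the token was issued by the expected tenant to the expected client ID and carries no permission beyond the three this page mentions.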
4. Save the Integration Details
Click on Save to save the Integration details.
If there are errors, check that the credentials entered are valid.

