
...

  • This integration involves registering two applications in the Microsoft Partner Center, created using the Global Admin role: one application to pull Customers' details (Single Tenant application) and another to pull Customers' Azure AD details (Multi-Tenant application).

  • The registration of the applications is to be done under the MSP’s Partner Portal.

Single Tenant application

Refer to this video for the detailed steps documented below.

...

Creating Azure Application for Microsoft Partner Center

  • Step 1a: Log in to https://portal.azure.com/ with the MFA-enabled Global Administrator role to get the Client ID and Secret ID and to set permissions.

  • Step 1b: In the Microsoft Azure Portal, search for Azure Active Directory and select it.

...

App Registration

  • Step 1c: Navigate to App Registration → Click on + Add → Click on App Registration.

...

  • Step 1d: Copy the Application (Client) ID and Directory (Tenant) ID from here, to be provided in the CyberCNS portal under Azure AD CSP Integration > Credentials > Azure Application for Microsoft Partner Center.

...

Certificate and Secrets

  • Step 2a: To create a New Client Secret for this created application, Navigate to Certificate and Secrets> Client Secrets> New Client Secret.

  • Step 2c: Provide a Description of this new client secret

  • Provide until when this Client Secret can be used and then click on Add.

...

Once added, an auto-generated Value will be shown. Copy the Value and use it as the Client Secret in the CyberCNS Portal.

...

API Permissions

Below are the steps to add all required API permissions for the Azure AD application in a single shot, instead of adding them one by one.

...

    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                { "id": "4908d5b9-3fb2-4b1e-9336-1888b7937185", "type": "Scope" },
                { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" },
                { "id": "498476ce-e0fe-48b0-b801-37ba7e2685c6", "type": "Role" }
            ]
        },
        {
            "resourceAppId": "fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd",
            "resourceAccess": [
                { "id": "1cebfa2a-fb4d-419e-b5f9-839b4383e05a", "type": "Scope" }
            ]
        }
    ],

API Permissions to be set manually:

Below are the permissions required for a CSP account. Make sure these API permissions are in place (the API permissions mentioned below should have the types Application and Delegated).

  • Step 3a: Navigate to API Permissions and select +Add a permission.

  • Under Request API Permissions, Select APIs my organization uses

  • Search for Microsoft Partner Centre (first option) and select it.

...

  • Step 3b: Once Microsoft Partner Centre is selected, a new page will open under Microsoft Partner Centre.

  • Under Delegated Permissions → Select permission → Search for user_impersonation click the check box and click on Add permissions.

...

  • Step 3c: Under API Permissions, Click on Microsoft Graph.

  • Search permission for the name Organization and select the Organization.Read.All permissions.

  • Search permission for the name User and select the User.Read permissions.

  • Once done, click on Update Permissions.

...

  • Step 3d: Once the permissions are set, on the same page, grant admin access by clicking on Grant admin consent for Connect Secure and then on the Yes button.

...

This completes adding Azure Application for Microsoft Partner Center.
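
A check that can be run on the pasted manifest fragment before admin consent is granted, given here as an added example (it is not Connect Secure's or Microsoft's code): it rejects malformed ids or types and reports every permission outside an allow-list the operator supplies. The function name, the allow-list format and the sample fragment are constructed for illustration; the ids in the sample are taken from this page.

```python
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


def audit_required_resource_access(fragment, allowed):
    """Check a manifest "requiredResourceAccess" array before it is consented to.

    fragment: JSON text of the array (without the leading key).
    allowed:  {resourceAppId: {(permission id, type), ...}}, lower-case ids,
              supplied by the operator (hypothetical allow-list format).
    Returns a list of (resourceAppId, permission id, problem) tuples.
    """
    findings = []
    seen = set()
    for resource in json.loads(fragment):
        app_id = str(resource.get("resourceAppId", "")).lower()
        if not GUID.match(app_id):
            findings.append((app_id, None, "resourceAppId is not a GUID"))
            continue
        accesses = resource.get("resourceAccess")
        if not isinstance(accesses, list):
            findings.append((app_id, None, "resourceAccess is not a list"))
            continue
        for entry in accesses:
            perm_id = str(entry.get("id", "")).lower()
            perm_type = entry.get("type")
            if not GUID.match(perm_id):
                findings.append((app_id, perm_id, "id is not a GUID"))
            elif perm_type not in ("Scope", "Role"):
                findings.append((app_id, perm_id, "type is not Scope or Role"))
            elif (app_id, perm_id) in seen:
                findings.append((app_id, perm_id, "duplicate entry"))
            elif (perm_id, perm_type) not in allowed.get(app_id, set()):
                # In the manifest, "Role" is an application permission and
                # "Scope" is a delegated permission.
                kind = "application" if perm_type == "Role" else "delegated"
                findings.append((app_id, perm_id, f"{kind} permission not in allow-list"))
            seen.add((app_id, perm_id))
    return findings


# Constructed sample: ids copied from this page; the last entry reproduces
# the kind of fused id and type that a bad copy-paste leaves behind.
GRAPH = "00000003-0000-0000-c000-000000000000"
SAMPLE = """[
  {"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
     {"id": "498476ce-e0fe-48b0-b801-37ba7e2685c6", "type": "Role"},
     {"id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa", "type": "Role"},
     {"id": "314874da498476ce-47d6e0fe-497848b0-88dcb801-cf0d37f0bb8237ba7e2685c6",
      "type": "ScopeRole"}
   ]}
]"""
ALLOWED = {GRAPH: {("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"),
                   ("498476ce-e0fe-48b0-b801-37ba7e2685c6", "Role")}}

if __name__ == "__main__":
    for app_id, perm_id, problem in audit_required_resource_access(SAMPLE, ALLOWED):
        print(f"{app_id}  {perm_id}  {problem}")
```

An empty result means every entry is well-formed and on the allow-list; anything else is worth resolving before clicking Grant admin consent.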

Multi-Tenant application

Refer to this video for the detailed steps documented below.

...

Creating Azure Application for Azure Active Directory

  • Step 2a: Navigate to Azure Active Directory, Click on App Registration.

App Registration

  • Step 2b: Registering an application needs the information below:

...

Once all the information is entered correctly click on the Register Button.

...

  • Once the application is registered successfully, it will give a Pop-up Message as “Successfully created application <Application Name>”.

  • Step 2c: Copy the Application (Client) ID and Directory (Tenant) ID from here, to be provided in the CyberCNS portal under Azure AD CSP Integration > Credentials > Azure Application for Azure Active Directory.

...

Certificate and Secrets

  • To create a New Client Secret for this created application, Navigate to Certificate and Secrets> Client Secrets> New Client Secret.

  • Provide a Description for this new client secret

  • Provide until when this Client Secret can be used and then click on Add.

...

  • Step 2c: Once added, an auto-generated Value will be shown. Copy the Value and use it as the Client Secret in the CyberCNS Portal.

API Permissions

Below are the steps to add all required API permissions for the Azure AD application in a single shot, instead of adding them one by one.

...

    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                { "id": "ebfcd32b-babb-40f4-a14b-42706e83bd28", "type": "Scope" },
                { "id": "e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20", "type": "Scope" },
                { "id": "314874da-47d6-4978-88dc-cf0d37f0bb82", "type": "Scope" },
                { "id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope" },
                { "id": "5f8c59db-677d-491f-a6b8-5f174b11ec1d", "type": "Scope" },
                { "id": "bc024368-1153-4739-b217-4326f2e966d0", "type": "Scope" },
                { "id": "e383f46e-2787-4529-855e-0e479a3ffac0", "type": "Scope" },
                { "id": "4908d5b9-3fb2-4b1e-9336-1888b7937185", "type": "Scope" },
                { "id": "02e97553-ed7b-43d0-ab3c-f8bace0d040c", "type": "Scope" },
                { "id": "741c54c3-0c1e-44a1-818b-3f97ab4e8c83", "type": "Scope" },
                { "id": "64733abd-851e-478a-bffb-e47a14b18235", "type": "Scope" },
                { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" },
                { "id": "a154be20-db9c-4678-8ab7-66f6cc099a59", "type": "Scope" },
                { "id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa", "type": "Role" },
                { "id": "b0afded3-3588-46d8-8b3d-9842eff778da", "type": "Role" },
                { "id": "2f51be20-0bb4-4fed-bf7b-db946066c75e", "type": "Role" },
                { "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role" },
                { "id": "5b567255-7703-4780-807c-7be8301ae99b", "type": "Role" },
                { "id": "98830695-27a2-44f7-8c18-0c3ebc9698f6", "type": "Role" },
                { "id": "b633e1c5-b582-4048-a93e-9f11b44c7e96", "type": "Role" },
                { "id": "498476ce-e0fe-48b0-b801-37ba7e2685c6", "type": "Role" },
                { "id": "230c1aed-a721-4c5d-9cb4-a90514e508ef", "type": "Role" },
                { "id": "483bed4a-2ad3-4361-a73b-c83ccdbdc53c", "type": "Role" },
                { "id": "bf394140-e372-4bf9-a898-299cfc7564e5", "type": "Role" },
                { "id": "df021288-bdef-4463-88db-98f22de89214", "type": "Role" }
            ]
        }
    ],

API Permissions to be set manually:

...

This completes adding Azure Application for Azure Active Directory.

Info

After clicking on Accept, please close the Microsoft login window (if it pops up again asking to log in to the account).

Info

Follow the steps below for any errors:

  • In the Azure portal, you need to provide Admin Consent using a user with the global admin role and MFA-enabled permissions for both the single and multiple tenant applications created under app registration and also under the enterprise application.

  • Please verify that the Client ID and Client Secret (value) have been copied correctly and updated.

  • Please verify that all the permissions are set and confirm that they can access the partner center customer list.

  • Use the same user to add credentials under the CyberCNS portal.

  • After giving the consent, please close the pop-up with the error (e.g. AADSTS700016), if any, and click on the Finish button.


Integrate in CyberCNS Portal

Refer to this video for the detailed steps documented below.

...

Global Settings → Integrations

  • Navigate to Global Settings(⚙) > Integrations and choose Azure AD CSP(GDAP) from the integrations listed.

Add Credentials

  • This leads to adding credentials for your Azure AD CSP(GDAP). Provide the details as requested.

...

Add Azure AD CSP(GDAP) Credentials

  • Click on + to add Azure AD CSP(GDAP) credentials.

  • Choose a Name for the credentials for your reference.

  • By default, the Azure CSP Authentication Endpoint is Global Service; it can be changed from the dropdown if the Microsoft login mail ID is associated with .us or .com (US Government / Global Service).

  • Provide the Tenant ID. This is the Tenant ID from the created applications. (It is the same for both of the applications created, Single Tenant and Multi-Tenant.)

  • Provide Client ID and Client Secret for created Azure application for Microsoft Partner Center (Single Tenant).

  • Provide Client ID and Client Secret for created Azure application for Azure Active Directory(Multi-Tenant).

  • Click on Save to save these credentials successfully. This will lead to the Microsoft login page asking for consent.

  • Once the login is successful, the Azure AD Credentials will be stored successfully.

  • A user having the MFA-enabled Global Administrator role/permissions is required for this login.

  • Using the above method you can add multiple credentials.

Company Mapping

Info
  • If any company is already integrated with any tenant through the Azure AD Legacy integration, then once the new Azure AD CSP(GDAP) integration is used to integrate the same company, the old integration mapping for this company will be removed.

  • Credentials associated with the deleted company will not be deleted from the Azure AD Legacy integration. This helps to re-add the company in the future.

  • In Company Mapping, choose the Azure AD Credential of your choice from the dropdown.

  • Click on +Add to map the company.

  • One of these two options can be selected:

  • Import Companies from Azure AD: imports multiple companies from Azure AD at a time. This will create a new company under CyberCNS for every company imported from Azure AD.

  • Map Existing Company to an Azure AD company: maps a company that already exists in CyberCNS to the Azure AD company.

If there is a Partner Centre token expiration issue:

  • The re-authentication option appears if the token expires under Azure AD CSP(GDAP) integration in the mapping section, as shown in the image below.

...

Import Companies from Azure AD

  • To import multiple companies from Azure AD, choose Import Companies from Azure AD, and click on Next.

  • Multiple companies can be added in the user interface so that the Azure AD data is synced to the appropriate companies selected.

  • Click on Finish to import all the selected Azure AD companies.

  • There is an option to Delete the integration mapping using the Action column. Any company mapping can be deleted if needed.

Map Existing Company to an Azure AD Company

  • To map an existing company, select the Existing company and the Azure AD company using the dropdown or the search bar, as required.

  • Once the company is selected, click on ‘+' to select the company and click on Finish to map all the selected Azure AD companies.

  • Click on “Please Click HERE to provide consent” to provide consent on behalf of the company.

  • Clicking here redirects to the Microsoft user login screen. Please use the appropriate global admin account to provide consent to successfully add the company and sync the data into CyberCNS.

  • There is a copy link to copy and open the consent link in a separate tab (optional).

  • After clicking on Accept, please close the Microsoft login window (if it pops up again asking to log in to the account).

Info
  • After giving the consent, please close the pop-up with the error (e.g. AADSTS700016), if any, and click on the Finish button to proceed further.

...

  • There is an option to Delete the integration mapping using the Action column. Any company mapping can be deleted if needed.

  • There is an option to Re-authenticate and Provide Consent at the company level if, for any reason, re-authentication is required.

...

  • When Azure AD credentials and Company Mapping are added, the two tabs Azure Active Directory and Microsoft Secure Score will be enabled under Company view > Company for the companies that have the mapping.

  • Please wait for the sync to complete to get the data under the Azure Active Directory and Microsoft Secure Score sections.

  • Under Azure Active Directory, Sync Now can be used to sync the data at any point in time.

  • Once Sync Now is selected, the Jobs > Azure Active Directory jobs section will show a job for the sync in progress. Once it is completed, the data will be shown under Azure Active Directory and Microsoft Secure Score.

Info

Make sure the steps below have been followed in case of any errors:

  • In the Azure portal, you need to provide Admin Consent using a user with the global admin role and MFA-enabled permissions for both the single and multiple tenant applications created under app registration and also under the enterprise application.

  • Please verify that the Client ID and Client Secret (value) have been copied correctly and updated.

  • Please verify that all the permissions are set and confirm that they can access the partner center customer list in case the customer list is missing under the CyberCNS Portal.

  • Use the same user to verify the partner center information as is used under the CyberCNS portal.

  • After giving the consent, please close the pop-up with the error (e.g. AADSTS700016), if any, and click on the Finish button (error screenshot above) to proceed further.

This completes Azure Active Directory CSP Integration documentation.

...