Importing your Azure Active Directory Users into Korbyt
Note: This document pertains to Korbyt version 1.2 and up. Please consult with RMG for questions with implementation or version support.
To import users from Azure AD into Korbyt, you will need to create an Azure Application that can communicate with the Azure API from within Korbyt, and collect the following three credentials for it:
1. Azure Tenant Domain
2. Application ID
3. Application Key
Your Azure Tenant Domain can be found on the top right-hand corner of the Azure dashboard, in the format [domain].onmicrosoft.com. Please see the following screenshot for an example.
Register the User Import app for your own tenant
- Sign in to the Azure portal. You will need to be signed in as an Administrator, or as a user with enough Azure permissions to create applications and grant permissions.
- Select Azure Active Directory from the left-hand side menu. If this option is not shown under Favorites in the left-hand menu, then click on All services, and choose Azure Active Directory found under the Security + Identity category.
- Click on App registrations and choose New application registration.
- Enter a friendly name for the application, for example, “Korbyt User Import.”
- Then select “Web Application and/or Web API” as the Application Type. For the sign-on URL, enter the base URL for the application, https://korbyt.com.
- Click on Create to create the application.
- Once the Application is created, you will be able to see its properties.
- Find the Application ID. Record this ID as it will be required later.
- Click on Settings
- From the Settings menu, choose Keys and add a key.
- Enter a key description and then select a key duration of either 1 year or 2 years. When you save this page, the key value will be displayed.
- Copy and save the key value in a safe location. You will need this key later to configure the application in Korbyt. This key value will not be displayed again, nor retrievable by any other means. Record it as soon as it is visible from the Azure Portal.
You also need to configure the permissions for your Application. To do so, complete the following steps:
- In the Settings menu, choose the “API permissions” section, click on Add, then Select an API.
- Select “Microsoft Graph” (this is the Graph API).
- Then, select the following permissions from the right-hand side menu:
a. Under Application Permissions, select Read Directory Data.
b. Under Delegated Permissions, select
i. Sign in and read user profile
ii. Read all users’ basic profiles.
c. Click Save
- In the Settings menu, choose the “API permissions” section.
- Click on Add, then Select an API, and select “Azure Active Directory Graph.”
- Select these permissions for Azure Active Directory Graph:
- Once all the required permissions have been added click on Grant Permissions, click Yes on the resulting popup, and wait for the confirmation message to appear.
- At this point the Azure Application creation process is complete. You will now need to enter the three fields collected during the creation of the application and enter them into Korbyt’s user import form.
- Enter your Azure Tenant Domain into the first field labeled App Tenant Domain Name
- Enter the Application ID into the second field, labeled App Principal ID
- Enter the Client Secret into the third field, labeled App Client Password
- Once all the fields have been filled out, clicking Save on the form will start the user import process. When the importing is complete the page will refresh and you will be able to see all the imported users in the table on the right-hand side of the screen.
Please consult the article below for information on restricting your Azure AD app to a specific set of users.