Azure AD Sign-in
  • 19 Sep 2024

Azure AD is an identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multicloud environments.

Integration Method: API

Tables: Authentication

Event Types: input, api_input_signin, input_managed_identity, input_adfs, input_signin, input_unauth, input_service_principle_log

Setup and Configure

  1. Log on to Azure with a user account that has the Global Administrator role.

  2. Navigate to Microsoft Entra ID > App registrations > New registration. The “Register an application” page appears.

  3. Enter the application's registration information:

    1. In the ‘Name’ section, enter a meaningful application name that will be displayed to users.

    2. For ‘Supported account types’, click the Accounts in any organizational directory option.

    3. Set the ‘Redirect URI’ to http://localhost.

    4. Click on Register to create the application.

  4. On the app “Overview” page, copy the ‘Application (client) ID’ and ‘Directory (tenant) ID’ for later use.

    Add Endpoint Access

    Once the application is created, it must be granted the appropriate permissions before it can retrieve data from the endpoint. The following section details how to add these permissions for the sign-in endpoint.

    Endpoint needed for Azure AD Sign-in

    Add Permissions

    To add permissions for the endpoint outlined above, from the Azure Active Directory portal:

  5. Select the application whose logs are to be accessed (generally, the application registered earlier on this page).

  6. Click API Permissions, and then click Add a Permission. The “Request API permissions” window appears.

  7. Click on Microsoft Graph.

  8. Click on Application Permissions.

  9. The following permissions need to be granted for the endpoint to function properly:

    Endpoint: /v1.0/auditLogs/signIns

    Permissions: AuditLog.Read.All, Directory.Read.All

  10. In the ‘Select permissions’ search bar, enter each permission shown above and check its box to include it. If you run into any problems, refer to Microsoft's official documentation.

  11. Click the Add permissions button after selecting all required permissions.

  12. On the “API permissions” page, click Grant Admin Consent for <tenant>.

  13. Click the Yes button on the consent confirmation. The required permissions are now added for the endpoints.

  14. In the end, you must have the following permissions set for Microsoft Graph.

    Create the Client ID and Client Secret

    The final step in configuring the Graph API is creating a Client ID and Client Secret. To create these items, from the Azure Portal:

  15. Select the application created above.

  16. Click Certificates & secrets, and then Client Secrets.

  17. Click New client secret. The “Add a client secret” window appears.

  18. Enter a ‘Description’ for this client secret.

  19. Select the desired expiry period from the ‘Expires’ drop-list.

  20. Click Add.

  21. Copy the ‘Value’ field, which will be used to initialize the beat.
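
To confirm the setup after the last step, the following added example (not part of the original article or the vendor's code) requests an app-only token with the tenant ID, client ID and secret copied above, then compares the token's granted permissions with the two listed for /v1.0/auditLogs/signIns. It assumes the Graph access token is a JWT whose "roles" claim lists the consented application permissions; the environment variable names and the constructed sample token are illustrative.

```python
import base64, json, os, urllib.parse, urllib.request

# Application permissions listed for /v1.0/auditLogs/signIns on this page.
REQUIRED_ROLES = {"AuditLog.Read.All", "Directory.Read.All"}

def fetch_app_token(tenant_id, client_id, client_secret):
    """Client-credentials grant against the v2.0 token endpoint (network call)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, data=form, timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_permissions(access_token):
    """Return (missing, extra) permissions relative to REQUIRED_ROLES."""
    granted = set(token_claims(access_token).get("roles", []))
    return sorted(REQUIRED_ROLES - granted), sorted(granted - REQUIRED_ROLES)

def constructed_token(roles):
    """Unsigned sample token built for this example; not a real Entra ID token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "constructed"])

if __name__ == "__main__":
    # Hypothetical variable names; set them to the values copied in the steps above.
    env = [os.environ.get(k) for k in ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET")]
    token = fetch_app_token(*env) if all(env) else constructed_token(["AuditLog.Read.All"])
    missing, extra = check_permissions(token)
    print("missing (consent not granted?):", missing or "none")
    print("extra (beyond what this integration needs):", extra or "none")
```

A non-empty "missing" list usually means admin consent was not granted in step 12; a non-empty "extra" list means the app registration holds more Graph permissions than this integration requires.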


