Azure AD Sign-in EventHub


Azure AD (Microsoft Entra ID) is an identity and access management solution from Microsoft that helps organizations secure and manage identities for hybrid and multi-cloud environments. This integration collects its sign-in logs through an Event Hub. For more information, refer to Azure’s official documentation.

Integration Method: EventHub

Tables: Authentication (3002)

This integration supports the following events.

Event           | Description
Authentication  | Retrieves users’ sign-in and authentication data objects.

Note:

EventHub doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service.

Prerequisites

  • The user should have access to the Azure portal.

  • The user should have access to Azure AD to create a diagnostic setting.

  • The user should have access to the Event Hub.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Create an Event Hub in the Azure Portal.

  2. Create a diagnostic setting in Azure AD.

  3. Get the Event Hub namespace, Event Hub name and connection string.

  4. Add the Azure AD Sign-in data feed in the DataBee console with the parameters below.

DataBee Parameter          | Azure Parameter
Event Hub Namespace URL    | Event Hub Namespace
Event Hub Name             | Event Hub Name
Consumer Group             | $Default
Connection String          | Connection String

Azure Configuration

Create EventHub

  1. Sign in to the Azure portal and navigate to Marketplace to create an EventHub. If you have already configured an EventHub, skip to step 7.

  2. Provide basic information to create an event hub namespace.

    1. Provide project details, which include subscription details.

    2. Enter a valid event hub namespace name. Copy it and save it for later use.

    3. Select the region for your Event Hub namespace.

      Note: Choose the same region where your DataBee cluster is deployed to minimize latency when receiving logs from the Event Hub.

    4. Select the Pricing Tier. For this guide, the Standard tier will be used.

      Note: The Standard tier is the minimum requirement, as it is needed to enable Apache Kafka support.

    5. Provide Throughput Units. For this guide, we will be using one (1) Throughput Unit (TU). A higher number may be required if you know the amount of data sent from Azure. For more information, see Azure’s documentation on Throughput Units.

    6. Enable the Auto-Inflate option to prevent issues when traffic exceeds the assigned Throughput Unit (TU) capacity. Auto-Inflate automatically increases the number of TUs for your Standard tier Event Hubs namespace as traffic grows, up to a specified maximum limit.

      Note: Once Auto-Inflate is enabled, it does not automatically scale down. You will need to manually reduce the TUs if required.

    7. Click on the Next: Advanced > button.

  3. Provide the advanced security details. Click on the Next: Networking > button.

  4. Select Public Access as the connectivity method. Click the Next: Tags > button.

  5. Add tags relevant to your organization for viewing consolidated billing. Click the Next: Review + create > button.

  6. Review the details and click Create to create the EventHub Namespace.

  7. Navigate to Entities > Event Hubs. Click on the + Event Hub button.

  8. Enter basic details to create an Event Hub.

    1. Enter a valid Event Hub name. Save it for later use.

    2. Specify the Partition count.

      Note: Partitions enable parallel processing, helping your applications scale. It is recommended to set this between 10-15 for better scalability.

    3. Select the Cleanup policy.

    4. Specify the Retention Period for the logs.

      Note: A longer retention period ensures that more logs are retained in the Event Hub, reducing the risk of data loss. It is recommended to set the retention period to the maximum allowed value.

    5. Click on the Next: Capture > button.

  9. Turn Capture to OFF and click the Next: Review + create > button.

  10. Click Create to create the Event Hub.

Create Diagnostic settings in Azure AD

This step is needed to send the Azure AD Sign-in logs to the Event Hub.

  1. Sign in to the Azure portal and open your Azure AD.

  2. Navigate to Diagnostic settings.

    1. Open the Monitoring section.

    2. Click on Diagnostic settings.

  3. Click on the Add diagnostic setting button.

    Note: To create a diagnostic setting, the user must have Security Administrator access, which is required to create general diagnostic settings for the Microsoft Entra tenant.

  4. Enter the diagnostic setting details.

    1. Enter the diagnostic setting name.

    2. Select the log categories SignInLogs and NonInteractiveUserSignInLogs.

    3. Select the Stream to an event hub option.

    4. Select the Subscription.

    5. Select the Event hub namespace.

    6. Select the Event hub name (required in our case, to capture logs in one event hub only).

    7. Select the Event hub policy name.

    8. Click on the Save button.

Get the connection string

  1. Navigate to the Event Hub.

  2. Navigate to Settings > Shared access policies. Click on the + Add button.

  3. Add a SAS policy.

    1. Enter a valid policy name.

    2. Select the Listen option.

    3. Click on the Create button.

  4. Click on the shared access policy you created. Copy the Primary connection string for later use.
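The Azure side of this guide as a scripted, repeatable setup, added here as an example (it is not DataBee’s or Microsoft’s code). It builds the Azure CLI commands for the settings recommended above (Standard tier, Auto-Inflate from one TU, a partition count in the 10-15 range, maximum retention, Capture off, a hub-level Listen-only SAS policy for DataBee, and a separate namespace-level Send-only policy for the diagnostic setting) plus the request body for the Azure AD diagnostic setting, and only executes the commands when apply=True. Resource and policy names are constructed placeholders, flag names are those of current az versions, and the microsoft.aadiam diagnostic settings API version is an assumption taken from Azure Monitor’s documentation; check both against `az ... --help` before applying.

```python
"""Azure CLI plan for the Event Hub namespace, hub, SAS policies and the
Azure AD diagnostic setting described above. Added example, not DataBee's
or Microsoft's code; resource names are constructed placeholders."""
import json
import subprocess
from dataclasses import dataclass

# Log categories the guide selects in the diagnostic setting.
SIGNIN_CATEGORIES = ("SignInLogs", "NonInteractiveUserSignInLogs")


@dataclass(frozen=True)
class EventHubPlan:
    resource_group: str
    location: str                    # same region as the DataBee cluster
    namespace: str                   # becomes <namespace>.servicebus.windows.net
    eventhub: str
    listen_policy: str = "databee-listen"   # hypothetical hub-level SAS policy for DataBee
    send_policy: str = "aad-send"           # hypothetical namespace-level policy for Azure AD
    throughput_units: int = 1
    max_throughput_units: int = 10   # Auto-Inflate ceiling; it never scales back down by itself
    partitions: int = 12             # within the 10-15 range recommended above
    retention_hours: int = 168       # 7 days, the Standard tier maximum

    def commands(self) -> list[list[str]]:
        """az argv lists in the order the guide performs the steps."""
        ns = ["--resource-group", self.resource_group, "--namespace-name", self.namespace]
        return [
            ["az", "eventhubs", "namespace", "create", "--name", self.namespace,
             "--resource-group", self.resource_group, "--location", self.location,
             "--sku", "Standard", "--capacity", str(self.throughput_units),
             "--enable-auto-inflate", "true",
             "--maximum-throughput-units", str(self.max_throughput_units)],
            ["az", "eventhubs", "eventhub", "create", "--name", self.eventhub, *ns,
             "--partition-count", str(self.partitions), "--cleanup-policy", "Delete",
             "--retention-time", str(self.retention_hours), "--enable-capture", "false"],
            # The diagnostic setting writes to the hub, so Azure AD needs Send at namespace level.
            ["az", "eventhubs", "namespace", "authorization-rule", "create", *ns,
             "--name", self.send_policy, "--rights", "Send"],
            # DataBee only reads: grant Listen on this hub alone, never Manage or Send.
            ["az", "eventhubs", "eventhub", "authorization-rule", "create", *ns,
             "--eventhub-name", self.eventhub, "--name", self.listen_policy, "--rights", "Listen"],
            # Prints the value that goes into the DataBee "Connection String" field.
            ["az", "eventhubs", "eventhub", "authorization-rule", "keys", "list", *ns,
             "--eventhub-name", self.eventhub, "--name", self.listen_policy,
             "--query", "primaryConnectionString", "--output", "tsv"],
        ]


def diagnostic_setting_body(send_rule_id: str, eventhub: str) -> dict:
    """Body for the tenant-level setting, sent with:
    az rest --method put --body <this> --url
      https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/<name>?api-version=2017-04-01-preview
    (API version assumed from Azure Monitor documentation). send_rule_id is the
    ARM id of the namespace-level Send policy created above."""
    return {"properties": {
        "eventHubAuthorizationRuleId": send_rule_id,
        "eventHubName": eventhub,
        "logs": [{"category": c, "enabled": True,
                  "retentionPolicy": {"enabled": False, "days": 0}} for c in SIGNIN_CATEGORIES],
    }}


def run(plan: EventHubPlan, apply: bool = False) -> list[str]:
    """Dry run by default: return (and print) the command lines; execute them only when apply=True."""
    lines = []
    for argv in plan.commands():
        line = " ".join(argv)
        lines.append(line)
        if apply:
            subprocess.run(argv, check=True)
        else:
            print(line)
    return lines


if __name__ == "__main__":
    plan = EventHubPlan("rg-databee", "eastus", "databee-ns", "aad-signin")  # constructed names
    run(plan)
    print(json.dumps(diagnostic_setting_body(
        "/subscriptions/<sub>/resourceGroups/rg-databee/providers/Microsoft.EventHub/"
        "namespaces/databee-ns/authorizationRules/aad-send", plan.eventhub), indent=2))
```

Run `az login` first, review the dry-run output, then call `run(plan, apply=True)`. Keeping the Listen policy at hub level and the Send policy separate means the connection string pasted into DataBee cannot be used to write to, or manage, the namespace.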

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data Management > Data Feeds and click the Add New Data Feed button.

  2. Search for Azure AD Sign-in and click on it.

  3. Click on the Azure Event Hub collection method.

  4. In the configuration, enter the feed contact information.

  5. Enter the Azure Event Hub connection details.

    a. Replace the <Namespace> placeholder with the Event Hub namespace.

    b. Enter the Consumer Group, or keep the default value: “$Default”.

    c. Enter the Event Hub name.

    d. Select PLAIN as the Authorization Method.

    e. Enter the Event Hub Connection String.

  6. Click on the Test Connection button.

  7. Click on the Submit button.

Troubleshooting Tips

  • If you get an error while testing the connection, make sure the Event Hub namespace and Event Hub name are the ones you configured, and that the shared access policy behind the connection string has the Listen claim.
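The checks behind this tip, and a parser for what the diagnostic setting actually delivers, as an added example that is not DataBee’s code. It parses a connection string, compares its Endpoint and EntityPath with the Event Hub Namespace URL and Event Hub Name entered in the feed form, flags use of the namespace root key, and turns one Event Hub message body (the `{"records": [...]}` envelope Azure Monitor streams) into authentication events, keeping only the SignInLogs and NonInteractiveUserSignInLogs categories. The connection string and records are constructed samples; the field mapping is an illustrative one, not DataBee’s Authentication table schema.

```python
"""Checks for the DataBee feed form and a parser for the sign-in records
Azure AD streams to the hub. Added example, not DataBee's code; the
connection string and records below are constructed samples."""
import json
from dataclasses import dataclass
from datetime import datetime, timezone

SIGNIN_CATEGORIES = {"SignInLogs", "NonInteractiveUserSignInLogs"}


def parse_connection_string(conn: str) -> dict[str, str]:
    """Split 'Endpoint=sb://host/;SharedAccessKeyName=..;SharedAccessKey=..;EntityPath=..'.
    Only the first '=' of each fragment separates key from value (base64 keys end in '=')."""
    parts = {}
    for item in conn.strip().strip(";").split(";"):
        key, sep, value = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed fragment: {item!r}")
        parts[key.strip()] = value.strip()
    for required in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if required not in parts:
            raise ValueError(f"connection string lacks {required}")
    return parts


def check_feed_settings(conn: str, namespace_url: str, eventhub: str) -> list[str]:
    """Return findings for the fields the Test Connection step depends on.
    Whether the policy really has the Listen claim is not visible in the string;
    confirm it under Settings > Shared access policies in the portal."""
    findings = []
    parts = parse_connection_string(conn)
    host = parts["Endpoint"].removeprefix("sb://").rstrip("/")
    if host.lower() != namespace_url.lower():
        findings.append(f"error: Endpoint host {host!r} does not match namespace URL {namespace_url!r}")
    entity = parts.get("EntityPath")
    if entity is not None and entity != eventhub:
        findings.append(f"error: EntityPath {entity!r} does not match Event Hub name {eventhub!r}")
    if parts["SharedAccessKeyName"] == "RootManageSharedAccessKey":
        findings.append("warn: namespace root key in use; prefer a hub-level Listen-only policy")
    return findings


@dataclass(frozen=True)
class AuthEvent:
    time: datetime
    category: str
    user: str
    source_ip: str
    app: str
    succeeded: bool
    error_code: int


def parse_time(ts: str) -> datetime:
    """Azure timestamps carry 7 fractional digits; trim to microseconds for fromisoformat."""
    ts = ts.rstrip("Z")
    if "." in ts:
        base, frac = ts.split(".", 1)
        ts = f"{base}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def parse_batch(payload: str) -> list[AuthEvent]:
    """Parse one hub message body ({"records": [...]}) into authentication events,
    skipping categories the diagnostic setting above does not export."""
    events = []
    for rec in json.loads(payload).get("records", []):
        if rec.get("category") not in SIGNIN_CATEGORIES:
            continue
        props = rec.get("properties", {})
        # status.errorCode is 0 on success; resultType carries the same code as a string.
        code = int(props.get("status", {}).get("errorCode", rec.get("resultType", 0)) or 0)
        events.append(AuthEvent(
            time=parse_time(rec["time"]),
            category=rec["category"],
            user=props.get("userPrincipalName", ""),
            source_ip=props.get("ipAddress", ""),
            app=props.get("appDisplayName", ""),
            succeeded=code == 0,
            error_code=code,
        ))
    return events


# Constructed samples: the key is not a real secret and the records are invented.
SAMPLE_CONN = ("Endpoint=sb://databee-ns.servicebus.windows.net/;SharedAccessKeyName=databee-listen;"
               "SharedAccessKey=Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==;EntityPath=aad-signin")
SAMPLE_BATCH = json.dumps({"records": [
    {"time": "2024-05-01T12:34:56.1234567Z", "category": "SignInLogs", "resultType": "0",
     "properties": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.7",
                    "appDisplayName": "Azure Portal", "status": {"errorCode": 0}}},
    {"time": "2024-05-01T12:35:10Z", "category": "NonInteractiveUserSignInLogs", "resultType": "50126",
     "properties": {"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.9",
                    "appDisplayName": "Office 365 Exchange Online", "status": {"errorCode": 50126}}},
    {"time": "2024-05-01T12:36:00Z", "category": "AuditLogs", "properties": {}},
]})

if __name__ == "__main__":
    print(check_feed_settings(SAMPLE_CONN, "databee-ns.servicebus.windows.net", "aad-signin"))
    for ev in parse_batch(SAMPLE_BATCH):
        print(ev)
```

An empty findings list means the namespace URL, hub name and connection string agree, which removes the most common causes of a failed Test Connection; a remaining failure then points at the policy’s claims or at network reachability rather than at a typo in the form.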

Limitation and Caveats

  • This ingestion method does not provide the is_managed or is_compliant mappings for the device object.