Azure AD sync
This guide will walk you through the process of enabling Azure AD for better user management and higher security.
Summary
GuardREC Compliance connects to the customer tenant and reads all users in one specific user group in that tenant. The users in this group are synchronized with the users in GuardREC Compliance, so adding users to or removing users from the AD group automatically updates the system.
Pre-requisites
GuardREC Compliance needs access to the customer tenant in order to retrieve user and user group information. The following permissions are required:
Sign in and read user profile (default)
Read all users' full profile (User.Read.All)
Read all groups (Group.Read.All)
Read all group memberships (GroupMember.Read.All)
Step 1: Approve admin consent
Open the link provided by GuardREC Compliance to grant the admin consent.
To accept an admin consent, the user must have Azure AD admin rights.
The link looks like this:
https://login.microsoftonline.com/common/adminconsent?client_id=????????-????-????-????-????????????&state=42&redirect_uri=https://www.guardrec.com
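Before opening a consent link, an admin can check that it really has the shape shown above. The following is an added example, not code from GuardREC: the function name and the sample client ID are constructed for illustration, and the expected client ID is assumed to have been communicated by GuardREC through a separate channel.

```python
import re
from urllib.parse import urlsplit, parse_qs

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
CONSENT_HOST = "login.microsoftonline.com"  # host of the link shown in this guide
CONSENT_PATH = "/common/adminconsent"       # path of the link shown in this guide
REDIRECT_HOST = "www.guardrec.com"          # redirect_uri host shown in this guide

# Constructed sample value, not a real application ID.
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/adminconsent"
    "?client_id=" + SAMPLE_CLIENT_ID + "&state=42&redirect_uri=https://www.guardrec.com"
)


def check_consent_link(link, expected_client_id):
    """Return a list of problems found in an admin-consent link (empty list = OK)."""
    problems = []
    url = urlsplit(link.strip())
    if url.scheme != "https":
        problems.append("scheme is not https")
    # Compare the parsed hostname, never a substring: this rejects look-alikes
    # such as login.microsoftonline.com.example.net and user@host tricks.
    if url.hostname != CONSENT_HOST:
        problems.append("host is not " + CONSENT_HOST)
    if url.path.rstrip("/") != CONSENT_PATH:
        problems.append("path is not " + CONSENT_PATH)
    query = parse_qs(url.query)
    # A repeated parameter is ambiguous, so it is reported as a problem.
    for name in ("client_id", "redirect_uri"):
        if len(query.get(name, [])) != 1:
            problems.append(name + " missing or repeated")
    client_id = query.get("client_id", [""])[0]
    if not GUID_RE.fullmatch(client_id):
        problems.append("client_id is not a GUID")
    elif client_id.lower() != expected_client_id.lower():
        problems.append("client_id differs from the expected application")
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    if redirect.scheme != "https" or redirect.hostname != REDIRECT_HOST:
        problems.append("redirect_uri is not https://" + REDIRECT_HOST)
    return problems


if __name__ == "__main__":
    print(check_consent_link(SAMPLE_LINK, SAMPLE_CLIENT_ID) or "link looks as expected")
```

The placeholder link printed above, with question marks in place of the client ID, is reported as "client_id is not a GUID".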
If you don’t have admin access, then this message is displayed:
If you have admin access, then this message is displayed:
Step 2: Create AD group with users
Create an Azure AD group in the customer tenant and add users to the group.
Only users in this group will have access to GuardREC Compliance.
Step 3: Inform GuardREC about customer setup
The following information must be provided to GuardREC Compliance to complete the setup:
Azure AD group ID
Field name containing the e-mail address