
Azure AD sync

This guide will walk you through the process of enabling Azure AD for better user management and higher security.

Summary

GuardREC Compliance connects to the customer tenant and reads all users in one specific user group in that tenant. All users in this group are synchronized with the users in GuardREC Compliance. Adding users to or removing users from the AD group automatically updates the system.

Pre-requisites

GuardREC Compliance needs access to the customer tenant, in order to retrieve user and user group information. The following permissions are required:

  • Sign in and read user profile (default)

  • Read all users' full profile (User.Read.All)

  • Read all groups (Group.Read.All)

  • Read all group memberships (GroupMember.Read.All)

Step 1: Approve admin consent

Open the link provided by GuardREC Compliance to grant the admin consent.

To accept an admin consent, the user must have Azure AD admin rights.

The link looks like this:

https://login.microsoftonline.com/common/adminconsent?client_id=????????-????-????-????-????????????&state=42&redirect_uri=https://www.guardrec.com
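
Before an administrator opens the link, it can be checked against the format shown above. The following Python check is an added example, not GuardREC code; the function name, the allow-list of redirect hosts (taken from the sample link) and the placeholder client ID are assumptions, and it also accepts a tenant-specific path in place of `common`.

```python
import re
from urllib.parse import urlsplit, parse_qs

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Assumption: the only redirect host is the one in this page's sample link.
ALLOWED_REDIRECT_HOSTS = {"www.guardrec.com"}


def check_consent_link(url, expected_client_id=None):
    """Return a list of problems with an admin-consent link; empty means OK."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare the whole netloc so user-info or port tricks do not slip through.
    if parts.netloc.lower() != "login.microsoftonline.com":
        problems.append("host is not login.microsoftonline.com")
    if not re.fullmatch(r"/[^/]+/adminconsent", parts.path):
        problems.append("path is not /<tenant>/adminconsent")

    query = parse_qs(parts.query, keep_blank_values=True)
    client_ids = query.get("client_id", [])
    if len(client_ids) != 1 or not GUID_RE.fullmatch(client_ids[0]):
        problems.append("client_id is missing, repeated, or not a GUID")
    elif expected_client_id and client_ids[0].lower() != expected_client_id.lower():
        problems.append("client_id differs from the one agreed with the vendor")

    redirects = query.get("redirect_uri", [])
    if len(redirects) != 1:
        problems.append("redirect_uri is missing or repeated")
    else:
        target = urlsplit(redirects[0])
        if target.scheme != "https" or target.netloc.lower() not in ALLOWED_REDIRECT_HOSTS:
            problems.append("redirect_uri does not point to an allowed https host")
    return problems


if __name__ == "__main__":
    # Constructed sample: the client_id below is a placeholder, not a real app ID.
    sample = ("https://login.microsoftonline.com/common/adminconsent"
              "?client_id=11111111-2222-3333-4444-555555555555"
              "&state=42&redirect_uri=https://www.guardrec.com")
    print(check_consent_link(sample) or "link matches the expected format")
```

Pass the client ID received from GuardREC through a separate channel as `expected_client_id` so that a link with a different application ID is flagged.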

If you don’t have admin access, then this message is displayed:

If you have admin access, then this message is displayed:

Step 2: Create AD group with users

Create an Azure AD group in the customer tenant and add users to the group.

Only users in this group will have access to GuardREC Compliance.

Step 3: Inform GuardREC about customer setup

The following information must be provided to GuardREC Compliance to complete the setup:

  • Azure AD group ID

  • Field name containing the e-mail address
