Azure Active Directory

To add your Azure AD tenant to Identity360:

Log in to Identity360 as an Admin or Super Admin.
Navigate to Universal Directory tab > Directory Integration > Manage Directory.
Click Add Directory.
Click Configure in the Azure Active Directory card under the Import From Directories section.
Continue the steps under automatic or manual Microsoft 365 tenant configuration.

Automatic Microsoft 365 tenant configuration

Click Authorize Identity360 and follow the instructions to automatically add the tenant to Identity360. This is the default method to add a Microsoft 365 tenant to Identity360.
Click Proceed. You will be redirected to the Azure AD login page.
Enter the Email address and Password of an account that has Global Administrator permissions and login.
Once you are logged in, you will be prompted to grant Identity360 access to users and domain details from your Azure AD environment. Click Accept.
You will be redirected back to the Identity360 portal.
The Azure AD tenant is now integrated with Identity360.

Manual Microsoft 365 tenant configuration

The tenant must be configured manually if the automatic configuration was not successful due to permission issues. To do that, select Click here to configure with an already existing Azure AD application. Please note that you can also opt to configure manually and skip the automatic configuration altogether with the option provided.

Manual tenant configuration involves the following two steps:

Create an Azure AD application.
Configure the Azure AD application in Identity360.

Steps to create an Azure AD application

Sign in to the Azure AD portal using the credentials of a Global Administrator account.
Select Microsoft Entra ID from the left pane.
Select App registrations.
Click New registration.
Provide a Name for the Identity360 application to be created.
Select a supported account type based on your organizational needs.
Leave Redirect URI (optional) blank; you will configure it in the next few steps.
Click Register to complete the initial app registration.
You will now see the Overview page of the registered application.
Click Add a Redirect URI.
Click Add a platform under Platform configurations.
In the Configure platforms pop-up, click Web under Web applications.
In the Redirect URI field, enter the following value,
- https://identitymanager.manageengine.com/api/public/v1/oauth/redirect
You can leave the Logout URL and Implicit grant fields empty. Click Configure.
On the Authentication page, under Redirect URIs, click Add URI.
Enter the applicable redirect URI:
- https://id360.manageengine.com/configure-azure-ad
- https://id360.manageengine.com/access-management-cb
Click Save.
Click Manifest from the left pane.
Copy the entire contents from this file and paste them into the section highlighted in the image below.

Application scopes mentioned in the file:

Microsoft Graph scopes

Application.ReadWrite.All
Directory.ReadWrite.All
Group.ReadWrite.All
RoleManagement.ReadWrite.Directory
User.ReadWrite.All

Office 365 Exchange Online

Exchange.ManageAsApp

create an Azure AD application

Note: Copy-paste content only from the open square bracket to the closed square bracket. Ensure that all punctuation marks are retained correctly. Once you have pasted the file, it should look like the image below.

create an Azure AD application

Click Save.
Click API permissions from the left pane.
In the Configured permissions section, click ✓ Grant admin consent for <your_company_name>.
Click Yes in the pop-up that appears.
Click Certificates & secrets from the left pane.
Under the Client secrets section, click New client secret.

create an Azure AD application

This section generates an app password for Identity360. In the Description field of the pop-up, provide a name to identify the app to which the password belongs.
Choose when the password should expire.
Click Add.
Copy the string under Value and save it. This is the Application Secret Key, which you will need later.
Now go to the Overview section in the left pane.
Copy the Application (client) ID and Object ID values and save them. You will need these values to configure your tenant in the Identity360 portal.

create an Azure AD application

Search for Microsoft Entra ID roles and administrators using the search bar.
Click Privileged Authentication Administrator. Under the Membership pane, click Add assignments and select the Application as member. Under the Settings pane, click Active under Assignment type.
Click Exchange Administrator. Under the Membership pane, click Add assignments and select the Application as member. Under the Settings pane, click Active under Assignment type.

Note: Both Application (client) ID and Application Name can be used to search the application.

How to configure?

Click Configure manually to add the tenant to Identity360 manually if the automatic configuration was not successful due to permission issues.
Enter your Tenant Name. For example, test.onmicrosoft.com.
Enter the Application ID and Application Object ID of the Azure AD application configured for Identity360 in their respective fields. Paste the values copied from Step 31.
Enter the Application Secret Key of the Azure AD application configured for Identity360 in the respective field. Paste the value copied from Step 29.
Click Add Tenant.
The Azure AD tenant is now integrated with Identity360.

To manage the users in your Azure AD tenant from Identity360, use the All Users option.

You've now configured AzureAD application with Identity360.

Steps to modify an Azure Active Directory tenant

Navigate to Universal Directory → Directory Integration → Manage Directory → Azure Active Directory.
Under the Action column, click the edit icon of the respective tenant you want to modify.
You can edit the values in the Application ID and Application Object ID fields.