Importing users from Azure AD

You can integrate Password Manager Pro with Azure Active Directory (AD) in your environment, and import users and user groups from there. Once integrated, you can allow users to use their Azure AD credentials to log in to Password Manager Pro on both Windows and Linux platforms.

Prerequisite

To integrate Password Manager Pro with Azure AD and import users, Password Manager Pro should first be added as a native client application in your Azure AD portal. Follow the steps given below to register Password Manager Pro as an application:

  • Log in to your Microsoft Azure portal.
  • Click on the Azure Active Directory icon on the left menu and then click on 'App registrations'.
  • On the top menu, click '+ New application registration'.
  • On the Create page, enter the Name as Password Manager Pro and under 'Application type', choose Native. Enter the 'Sign-on URL' of the Password Manager Pro application and click the 'Create' button. Password Manager Pro will be added as an application in Azure AD.
  • On the next page, click on the Password Manager Pro application. You will be taken to the 'Settings' page.
  • On this page, click on 'Properties'. You can find the 'Object ID' and 'Application ID' generated for your Password Manager Pro application, which you will need while integrating Azure AD in the Password Manager Pro GUI. Optionally, you can add the Password Manager Pro logo.
  • On the Settings page, scroll to the bottom and locate the section 'Required permissions'. Click on '+ Add' and click on 'Select an API'. By default, Windows Azure Active Directory will be added with 2 delegated permissions.
  • On the page that opens, select 'Microsoft Graph' and click the 'Select' button at the end of the page.
  • Once added, the final step is to delegate 'Read directory data' and 'Grant Permissions' for Microsoft Graph. Click 'Done'.

Once you have registered Password Manager Pro in the Azure AD portal, go to Admin >> Authentication >> Azure AD in Password Manager Pro.

In the new screen that opens, there are three steps in total, as given below:

  • Step 1: Import users from Azure AD
  • Step 2: Specify appropriate user roles
  • Step 3: Enable Azure AD authentication

Note: Alternatively, you can carry out the import operation from "Admin-->Users-->Add Users-->Import from Azure AD." However, you have to go to Admin-->Azure AD to carry out Step 3 (enabling Azure AD authentication).

Step 1: Import users from Azure AD

To begin importing users, you need to provide the required credentials such as client ID and user account details. To do this,

  • Go to Step 1 in the UI screen, and click on "Import Now".
  • In the dialog box that opens, the first step is to add the Azure AD domain from which users and groups are to be imported. Click on "New Domain" beside the field "Select Domain Name," and add your domain name.
  • Next, enter the CLIENT ID generated beforehand in Azure AD while registering Password Manager Pro as a native client application in your Azure portal.
  • Next, enter the credentials (username and password) of a valid user with sufficient permissions to perform the user import. Usually, the username is part of an address of the form <username@domain.onmicrosoft.com>; for instance, in testuser@pmpdemo.onmicrosoft.com, <testuser> is the username. After entering the CLIENT ID and domain details, click Save to keep them auto-populated for future import operations.
  • [Optional Step] If you want only particular users and groups to be imported from the Azure AD directory, enter the required user name(s) in comma-separated form in the field "Users to import," and the required group names in the text field "User Groups to import."
  • [Optional Step] To keep the user database constantly in sync with your Azure AD, you can add synchronization schedules. In the field "Synchronization Interval," enter the time interval at which Password Manager Pro has to query Azure AD and keep the user database in sync.
  • After entering the required details, click on "Fetch Groups." Password Manager Pro will list all the user groups available in your Azure AD domain, from which you can select the desired groups and import the users.
  • Click Close and you will be automatically taken to Step 2: Specify appropriate user roles.

Note: Synchronization schedules created for Azure AD user import can be viewed by clicking on View Synchronization Schedules.

Step 2: Specify appropriate user roles

After import, all the users imported from Azure AD will be assigned the "Password User" role as shown in the dialog box that opens once the users are imported.

  • Click the "Change role" button next to the users whose role you wish to change and select the appropriate role from the drop-down menu.
  • Select the users for whom you wish to change the role and click the "Grant" button to assign them the role of Administrator/Password Administrator/Password Auditor from the dropdown.
  • Click Save and the required roles are set for the users.
  • Note: You can change the assigned roles anytime in the future by clicking on Assign Roles Now.

Step 3: Enable Azure AD authentication

The third step is to enable Azure AD authentication. This will allow your users to use their Azure AD domain password to log in to Password Manager Pro. Note that this scheme will work only for users who have already been imported to the local database from Azure AD. Also, ensure that AD authentication is disabled before enabling Azure AD authentication.

Note: After enabling Azure AD authentication, if you want to disable local authentication under General Settings-->User Management, make sure you have at least one user with the 'Administrator' role among the users imported from Azure AD. The Administrator role is required to carry out user management and other system operations in Password Manager Pro.

©2014, ZOHO Corp. All Rights Reserved.