Configuring Azure Active Directory
You can configure your Microsoft Azure Active Directory (Azure AD) as a directory in Crowd. All changes to your users, groups, and memberships will be synced between Azure AD and Crowd periodically, or whenever you request it. You'll be able to view information about your users directly in Crowd by using the User Browser and Group Browser.
はじめる前に
Before you configure your Azure AD, you should know about the following restrictions:
- In Azure AD, you can have multiple groups with the same name (displayName), but it's not supported in Crowd and results in a failing synchronization. Make sure you change your Azure AD group names to unique ones.
- Crowd doesn't support multi-factor authentication. You'll need to disable it for your users in Azure AD, or they will not be able to log in to Crowd or any integrated applications.
- If you need to make any changes to your users, make them directly in Azure AD. You can't edit your Azure AD users in Crowd.
Configuring Azure Active Directory
To configure Azure AD, you’ll need to create two applications in your Azure Portal, and then use them to add Azure AD to Crowd.
1. In Azure web application.
1. Create a web application to allow Crowd to communicate with Azure AD:
- Log in to your Azure Portal.
- Go to Azure Active Directory > App registrations.
- 次の詳細を使用して新しいアプリ登録を作成します。
- アプリの種類: Web (オプションは [リダイレクト URI] サブセクションにあります)
Sign-on URL: <Crowd's base URL>
Where can I find my Crowd's base URL?In Crowd, go to
> General, and check the value of Base URL.
After the application is created, note down the Application (client) ID assigned to it. You will need it later on to configure the integration in Crowd.
2. Configure permissions for the web application to allow Crowd to read data from Azure AD:
- In your web application, click API permissions.
- In the
API permissionssection, click Add a permission. - Under Microsoft APIs select Microsoft Graph, and select Application permissions for the type of permissions required for this application
- 次の権限を追加します。
- Directory.Read.All
- Click Add Permissions and then, under Grant consent section, click Grant admin consent button.
- Click Yes and confirm.
3. Create a key for the web application. Crowd will use this key to authenticate to Azure AD:
- Click your web application.
- In the Certificates & secrets section, click New client secret.
Choose a description and an expiry date for your key then save it.
Keep in mind that when the key expires and you don't replace it, Crowd will not be able to communicate with Azure AD.キーの値をコピーして保存します。
You will not be able to view it after navigating away from the key settings.
2. In Azure native application
4. Create a native application that will be used by Crowd to validate user credentials:
- Go to App registrations, and create a new application registration with the following details:
- 種類: ネイティブ (オプションは [リダイレクト URI] サブセクションにあります)
- Redirect URL: <Crowd's base URL>
Note down the Application ID assigned to it. You will need it later on to configure the integration in Crowd.
5. Configure permissions for the native application to allow Crowd to validate user credentials:
- Click your native application.
- Click API Permissions
- Under Grant consent section, click Grant admin consent button.
- Click Yes and confirm.
6. Configure manifest for the native application to allow Crowd to validate user credentials:
- Click your native application.
- Click Manifest
- In the manifest editor, set the
allowPublicClientproperty to true - In the bar above the manifest editor, click Save
7. Get the Tenant ID to configure the integration in Crowd:
- Go to the main Azure Active Directory blade.
- Click Properties.
Note down the Directory ID - this is the Tenant ID you will need later on to configure the integration in Crowd.
3. Steps in Crowd
You've added your Azure AD to Crowd. You should now see a brief summary of your directory, and details about the synchronization.
In some cases, the synchronization might be failing at first because the new permission wasn't yet propagated in Azure AD. Just wait a few minutes, the problem will fix itself.
Crowd will automatically pull data from Azure AD. If that doesn't happen, you can click Synchronise now. Once the synchronization is complete, you can check your users and groups from Azure AD by going to Users/Groups in the top navigation bar.
フィールド マッピング
The following tables show how fields in Azure AD are mapped to those in Crowd. We're comparing Azure AD's API fields with Crowd's UI fields.
ユーザー
| Azure AD | Crowd |
|---|---|
| userPrincipalName | ユーザ名 |
| displayName | 表示名 |
| givenName | 名 |
| ファミリー名 | 姓 |
| アカウントが有効 | アクティブ |
| ID | 外部 ID |
| メール | メール アドレス |
グループ
| Azure AD field | Crowd field |
|---|---|
| displayName | 名前 |
| description | 説明 |
| ID | 外部 ID |