Configuring Microsoft Entra ID

You can configure Microsoft Entra ID as a directory in Crowd. All changes to your users, groups, and memberships will be synced between Microsoft Entra ID and Crowd periodically, or whenever you request it. You'll be able to view information about your users directly in Crowd by using the User browser and Group browser.

Before you begin

Before you configure Microsoft Entra ID, you should be aware of the following limitations:

  • In Microsoft Entra ID, you can have multiple groups with the same name (displayName) but this isn't supported in Crowd and results in a failing synchronization. Make sure you change your Microsoft Entra ID group names to unique ones.
  • Crowd doesn't support multi-factor authentication. You'll need to disable it for your users in Microsoft Entra ID, or they won't be able to log in to Crowd or any integrated applications. 
  • If you need to make any changes to your users, make them directly in Microsoft Entra ID. You can't edit your Microsoft Entra ID users in Crowd.
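
The duplicate-name limitation above can be checked before the first synchronization. The following Python sketch is an added example, not Atlassian's or Microsoft's code: it scans Microsoft Graph "list groups" response pages for displayName values shared by more than one group. The sample page is constructed, and treating names that differ only by case or surrounding whitespace as duplicates is an assumption of this example.

```python
import json
from collections import defaultdict

# Constructed sample: the shape of a Microsoft Graph "list groups" response
# (GET /v1.0/groups?$select=id,displayName). IDs and names are made up.
SAMPLE_GROUPS_PAGE = json.loads("""
{
  "value": [
    {"id": "00000000-0000-0000-0000-000000000001", "displayName": "jira-users"},
    {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Jira-Users"},
    {"id": "00000000-0000-0000-0000-000000000003", "displayName": "confluence-admins"},
    {"id": "00000000-0000-0000-0000-000000000004", "displayName": "jira-users "},
    {"id": "00000000-0000-0000-0000-000000000005", "displayName": null}
  ]
}
""")


def find_duplicate_group_names(pages, ignore_case=True):
    """Return {normalized name: [group ids]} for names used by more than one group.

    `pages` is an iterable of Graph response pages (follow @odata.nextLink
    to collect them all). ignore_case=True and whitespace trimming are
    conservative assumptions of this example, not documented Crowd behaviour.
    """
    by_name = defaultdict(list)
    for page in pages:
        for group in page.get("value", []):
            name = (group.get("displayName") or "").strip()
            if not name:
                continue  # groups without a name cannot collide by name
            key = name.casefold() if ignore_case else name
            by_name[key].append(group["id"])
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}


if __name__ == "__main__":
    for name, ids in find_duplicate_group_names([SAMPLE_GROUPS_PAGE]).items():
        print(f"rename before syncing: {name!r} is used by {len(ids)} groups: {ids}")
```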

Configuring Microsoft Entra ID

To configure Microsoft Entra ID, you’ll need to create two applications in your Microsoft Azure portal, and then use them to add Microsoft Entra ID to Crowd.

1. Steps in the Microsoft Entra ID web application


1. Create a web application to allow Crowd to communicate with Microsoft Entra ID:
  1. Log in to the Microsoft Azure portal.
  2. Go to Microsoft Entra ID and select App registrations.
  3. Create a new application registration with the following details:
    • Application type: Web (the option is in the Redirect URI subsection)
    • Sign-on URL: <Crowd's base URL>

      Where can I find my Crowd's base URL?
      In Crowd, go to Administration, then select General, and check the value of Base URL.

After the application is created, note down the Application (client) ID assigned to it. You will need it later on to configure the integration in Crowd.

2. Configure permissions for the web application to allow Crowd to read data from Microsoft Entra ID:
  1. In the web application, select API permissions.
  2. In the API permissions section, select Add a permission.
  3. Under Microsoft APIs, select Microsoft Graph, and select Application permissions for the type of permissions required for this application.
  4. Add the following permission:
    • Directory.Read.All
  5. Select Add permissions and then, under the Grant consent section, select Grant admin consent.
  6. Select Yes to confirm.
3. Create a key for the web application. Crowd will use this key to authenticate to Microsoft Entra ID:
  1. Select your web application.
  2. In the Certificates & secrets section, select New client secret.
  3. Choose a description and an expiration date for the key, and save it.

    Keep in mind that when the key expires and you don't replace it, Crowd won't be able to communicate with Microsoft Entra ID.
  4. Copy and save the key value.

    You won't be able to view it after you leave the key settings.
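
Because an expired key stops Crowd from communicating with Microsoft Entra ID, it helps to monitor the expiry date of the web application's client secret. The following Python sketch is an added example, not Atlassian's or Microsoft's code: it reads the passwordCredentials of a Microsoft Graph application object and lists secrets that have expired or will expire soon. The sample object, the secret names and the 30-day warning window are constructed for this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the passwordCredentials part of a Microsoft Graph
# application object (GET /v1.0/applications/{object-id}). Values are made up.
SAMPLE_APP = json.loads("""
{
  "displayName": "crowd-web-app",
  "passwordCredentials": [
    {"displayName": "crowd-sync-2023", "endDateTime": "2024-09-01T00:00:00Z"},
    {"displayName": "crowd-sync-2024", "endDateTime": "2024-10-15T08:30:00.1234567Z"},
    {"displayName": "crowd-sync-2025", "endDateTime": "2026-01-01T00:00:00Z"}
  ]
}
""")


def parse_graph_time(value):
    """Parse a Graph UTC timestamp. The trailing 'Z' and any fractional
    seconds are trimmed because older datetime.fromisoformat() rejects them."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)


def secrets_needing_rotation(app, now, warn_days=30):
    """Return [(secret name, state, whole days left)] for secrets that are
    'expired' or 'expiring' within warn_days (an assumed threshold)."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        left = parse_graph_time(cred["endDateTime"]) - now
        if left <= timedelta(0):
            state = "expired"
        elif left <= timedelta(days=warn_days):
            state = "expiring"
        else:
            continue  # secret is valid beyond the warning window
        findings.append((cred.get("displayName") or "(unnamed)", state, left.days))
    return findings


if __name__ == "__main__":
    for name, state, days in secrets_needing_rotation(SAMPLE_APP, datetime.now(timezone.utc)):
        print(f"{SAMPLE_APP['displayName']}: secret {name!r} is {state} ({days} days left)")
```

Check the entry that matches the key value entered in Crowd: other unexpired secrets on the same application do not keep the directory working.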

2. Steps in the Microsoft Entra ID native application

4. Create a native application that will be used by Crowd to validate user credentials:
  1. Go to App registrations, and create a new application registration with the following details:
    • Type: Native (the option is in the Redirect URI subsection)
    • Redirect URL: <Crowd's base URL>

Note down the Application ID assigned to it. You will need it later on to configure the integration in Crowd.

5. Configure permissions for the native application to allow Crowd to validate user credentials:
  1. Click your native application.
  2. Click API Permissions
  3. Under Grant consent section, click Grant admin consent button.
  4. Click Yes and confirm.
6. Configure manifest for the native application to allow Crowd to validate user credentials:
  1. Click your native application.
  2. Click Manifest
  3. In the manifest editor, set the allowPublicClient property to true
  4. In the bar above the manifest editor, click Save 
7. Get the Tenant ID to configure the integration in Crowd:
  1. Go to the main Microsoft Entra ID blade.
  2. Click Properties
    Note down the Directory ID - this is the Tenant ID you will need later on to configure the integration in Crowd.

3. Steps in Crowd

8. Add Microsoft Entra ID to Crowd.
  1. Log in to the Crowd Administration Console.
  2. From the top navigation bar, select Directories
  3. Select Add directory, then select Microsoft Entra ID as type.
  4. Fill out the required fields.
    You will need to specify the Tenant ID, Web application ID, Web application key and Native application ID that you received when you configured Microsoft Entra ID.
  5. If you're integrating with a Microsoft Entra ID region that uses alternative API URLs (for example Azure Germany), you can pick the region from the Region dropdown.
    If your region isn't listed, you can pick Custom, and enter the appropriate API URLs manually.
  6. (optional) DATA CENTER ONLY In the Group filtering section, instead of adding the whole user directory to Crowd, you can choose specific groups from Microsoft Entra ID. Only members of these groups will be added to Crowd.
  7. (optional) Change the default synchronization settings if needed.

    DATA CENTER ONLY If you check Enable group filtering and Enable nested groups checkboxes, the Synchronize group memberships when logging setting is automatically set to Never and can't be changed.

  8. (optional) Select Test connection to verify that the data you entered is correct.

You've added your Microsoft Entra ID to Crowd. You should now see a brief summary of your directory and details about the synchronization.

In some cases, the first synchronization might fail because the new permissions haven't been propagated in Microsoft Entra ID yet. Wait a while and the problem will resolve itself.

Crowd will automatically pull data from Microsoft Entra ID. If that doesn't happen, you can select Synchronize now. Once the synchronization is complete, you can check your users and groups from Microsoft Entra ID by going to Users/Groups in the top navigation bar.

Field mapping

The following tables show how fields in Microsoft Entra ID are mapped to those in Crowd. We're comparing Microsoft Entra ID's API fields with Crowd's UI fields.

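Users

| Microsoft Entra ID | Crowd |
| --- | --- |
| userPrincipalName | Username |
| displayName | Display name |
| givenName | |
| Family name | |
| Account enabled | Active |
| ID | External ID |
| Mail | Email address |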

Groups

| Microsoft Entra ID field | Crowd field |
| --- | --- |
| displayName | Name |
| description | Description |
| ID | External ID |

Last modified on September 3, 2024
