MicroStrategy ONE

Synchronizing Users from Azure Active Directory

You can add users to your MicroStrategy Identity Network by synchronizing their information from Azure Active Directory (Azure AD). This provides a quick way to add existing user information from Azure AD, and it keeps the user information in Azure AD and your IDaaS system consistent and accurate. You can also add multiple agents under the same network, which lets you cluster agents for failover or to support high availability.

Azure AD is integrated with MicroStrategy Identity through a lightweight, Java-based application that communicates securely between the Azure AD instance and MicroStrategy Identity Server. The application that performs this role is called the Identity Agent. You install the Identity Agent for Azure AD on a machine in your organization, enabling you to store your Azure AD credentials locally.

When the user information in Azure AD is updated, the Identity Agent provides the updated information to MicroStrategy Identity Server.

The following steps contain only the information required to configure or use Azure AD with MicroStrategy Identity. See Azure's Active Directory documentation for the latest information.

Adding Users from Azure Active Directory

If you have already added users to your MicroStrategy Identity Network through Azure AD, you can manage the users included in your Identity Network by defining the Active Directory groups or organizational units that are synchronized with your Identity Network.

The steps below assume that you have created a MicroStrategy Identity Network and an associated badge.

  • You have an Azure AD instance, accessible through Graph API.
  • You have administrator privileges to install the Identity Agent.
  • The machine on which you install the Identity Agent must meet the following requirements:
    • Windows Server 2008 R2 or Windows 2012 R2 (64-bit) operating system.
    • Java SE Development Kit (JDK) version 1.7 or later, 64-bit. The file path of the JDK bin folder must be added to your Microsoft Windows PATH environment variable; for steps, see your third-party documentation. Be sure to restart your host before continuing.
    • Able to communicate with your Azure AD instance.
  • To create a certificate signing request (CSR) to secure your connection, you must have a third-party tool to generate CSRs, such as the OpenSSL® utility.
  • Gather the following information:
    • Connection information to your Azure AD instance, including the server tenant, client ID, and client secret that can be used by the Graph API to access your Azure AD.
    • For on-premises implementation, the signing Certificate Authority that you use to sign client certificates.
  • If you add users to your Identity Network in other ways than through Azure AD, such as by importing users from a comma-separated values file or through a different IDM system such as OpenLDAP, you cannot import users from Azure AD.
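
The host requirements listed above can be checked before you install the Identity Agent with a script such as the following. This is an added example, not part of the MicroStrategy documentation or the Identity Agent installer; the function name Get-JavaFeatureVersion and the messages are illustrative. It assumes Windows PowerShell on the target host, treats the presence of javac.exe on PATH as the sign of a JDK rather than a JRE, and maps Windows Server 2008 R2 and 2012 R2 to OS versions 6.1 and 6.3.

```powershell
# Added example (not MicroStrategy code): checks the host prerequisites listed above.
# Run in Windows PowerShell on the machine that will host the Identity Agent.

function Get-JavaFeatureVersion {
    # Parses `java -version` text; handles "1.7.0_80" (feature 7) and "11.0.2" (feature 11).
    param([string]$VersionText)
    if ($VersionText -match 'version "(\d+)(?:\.(\d+))?') {
        $major = [int]$Matches[1]
        if ($major -eq 1 -and $Matches[2]) { return [int]$Matches[2] }
        return $major
    }
    return $null
}

$problems = @()

# 64-bit Windows Server 2008 R2 (6.1) or 2012 R2 (6.3).
# Client Windows 7 / 8.1 share these version numbers, so the caption is reported too.
$os = Get-WmiObject Win32_OperatingSystem
if ($os.OSArchitecture -notmatch '64') { $problems += "OS is not 64-bit: $($os.OSArchitecture)" }
if ($os.Version -notmatch '^6\.(1|3)\.') {
    $problems += "OS is not in the supported list: $($os.Caption) ($($os.Version))"
}

# JDK bin folder on PATH: javac.exe ships with the JDK, not with a JRE.
if (-not (Get-Command javac.exe -ErrorAction SilentlyContinue)) {
    $problems += 'javac.exe not found on PATH (JDK bin folder missing, or only a JRE is installed)'
}

# `java -version` writes to stderr, so let cmd.exe merge the streams.
if (Get-Command java.exe -ErrorAction SilentlyContinue) {
    $text = (cmd /c 'java -version 2>&1') -join "`n"
    $feature = Get-JavaFeatureVersion $text
    if ($null -eq $feature -or $feature -lt 7) { $problems += "Java 1.7 or later required, found: $text" }
    if ($text -notmatch '64-Bit') { $problems += 'The java.exe found first on PATH is not a 64-bit JVM' }
} else {
    $problems += 'java.exe not found on PATH'
}

if ($problems.Count -eq 0) {
    'All checked prerequisites are met.'
} else {
    $problems | ForEach-Object { "FAIL: $_" }
}
```

The script does not test connectivity to your Azure AD instance or the Graph API credentials; verify those separately.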

Follow the steps below to connect your Azure AD instance with MicroStrategy Identity:

  1. Create a CSR in Azure Active Directory
  2. Install and Configure the MicroStrategy Identity Agent for Azure Active Directory
  3. Add Azure Active Directory Information to MicroStrategy Identity and Synchronize Users

To Create a Cluster of Agents in Your MicroStrategy Identity Network

After registering your Identity Agent in Identity Manager, you can add multiple Agents to create a cluster. There are no limitations on the number of Agents you can add, but you can only have one cluster per Identity Network. The steps below assume that you have an Agent already registered with your network.

  1. Log into MicroStrategy Identity Manager.
  2. Click Users & Badges.
  3. Under your configured Active Directory Agent, click the drop-down arrow and select Add agent from the list.
  4. In the Agent Name field, enter a name for the new Agent.
  5. Copy the Registration code since you need it to complete the Agent configuration.

    Be aware that the code expires every 5 minutes.

  6. Complete the Agent configuration by following the topic for your identity source:
    • Install and Configure the Identity Agent for Microsoft AD
    • Install and Configure the MicroStrategy Identity Agent for Azure Active Directory
    • Install and Configure the MicroStrategy Identity Agent for Okta

To Get the Azure Secret from the Azure Management Portal

  1. Navigate to the Azure Management portal.
  2. Choose the Azure instance the Agent is connecting to.

  3. Click Applications and choose Add at the bottom of the screen.
  4. Click Add an application that my organization is developing.
  5. Enter a name for the application (such as "Azure Agent") and select the Web application and/or web API Type.
  6. In the Sign-on URL and the App ID URI fields, enter http://localhost.com.
  7. Click Configure.
  8. Scroll down the page to the Keys section and choose the period for which the key should be valid.
  9. Click Save.

    When the key value appears, make sure to record this value. It is required to populate the MicroStrategy Identity provisioning tool.

  10. At the bottom of the screen, change the permission to:

    Application Permissions: 6

    Delegated Permissions: 9

Related Topics

Distributing Badges to Users in Your MicroStrategy Identity Network

Editing and Removing Users