MicroStrategy ONE
Install and Configure the MicroStrategy Identity Agent for Azure Active Directory
- Open and run the Identity Agent installation file as an administrator by right-clicking on
cluster_Azure_agent_installer.exe
to select Run as administrator. The Identity Agent installation wizard opens. Do the following:- Review the information on the Welcome screen and click Next.
- After you accept the license agreement, click Next.
- Click Install to begin the installation.
Leave the Launch Identity Agent for Azure ID box checked, and click Finish to close the installation wizard and open the Identity Agent Provisioning Tool (APT).
If the APT does not open automatically when you finish installing the Identity Agent, you can open it by navigating to its file location. To navigate to the default file location, click the Windows Start button, click All Programs, and expand the Identity Agent for the Azure Active Directory folder. Right-click Config Identity Agent for Azure Active Directory GUI and select Run as administrator.
- In the APT, choose Register new agent and click Next.
- In the first dialog window, to register the initial connection between MicroStrategy Identity Server and the Identity Agent, do the following:
- In the MicroStrategy Identity Server URL (One-way SSL) field, enter the URL provided by Identity Manager, as described in Create a CSR in Azure Active Directory.
- If the Agent is being installed within a network protected by a proxy, you must add the proxy information to the Agent.
- Click the drop-down menu next to Is the network protected by proxy or firewall? and choose Proxy.
- Provide the proxy host, port, username, and password.
-
Add the CA chain to the trust store:
If MicroStrategy Identity Server is installed in your IT infrastructure, you must add its Certificate Authority (CA) chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually.
- Click the drop-down menu next to Is MicroStrategy Identity Server CA included in truststore? and choose No.
- Click Add CA to truststore.
- Enter an Alias for the CA certificate. Existing CA names should not be used.
- In the Certificate Path field, enter the path to the CA certificate, or click Browse to navigate to the file.
- Click Add to import the certificate into the trust store.
- In the CSR file path field, enter the path to the CSR, or click Browse to navigate to the file.
- In the Registration code field, enter the code provided by Identity Manager, as described in Create a CSR in Azure Active Directory. If the registration code has expired, click the refresh icon in Identity Manager to acquire a new code.
- Click Submit to go to the next dialog window.
- In the second dialog window, set up the connection between MicroStrategy Identity Gateway and the Identity Agent:
- The Organization ID and Application ID are pre-populated from the initial connection to MicroStrategy Identity Server. The Application ID should match the Agent ID provided by Identity Manager, as described in Create a CSR in Azure Active Directory.
- In the Private key path field, enter the path to the private key, or click Browse to navigate to the file.
- The Gateway URL is pre-populated from the initial connection to MicroStrategy Identity Server.
- If MicroStrategy Identity Gateway is installed in your IT infrastructure and uses a different CA than MicroStrategy Identity Server, you must add its CA chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually. Review the instructions in Step 3c above if needed.
- Ensure that the drop-down menu next to Please choose the agent adapter type has selected Azure agent.
- Click Next.
- On the Azure Configuration dialog window, complete the following fields:
- Azure server tenant: Enter the tenant name of your Azure instance. See the Azure documentation for information about how to create your tenant.
- Azure client ID: Enter your Azure client ID. To get the client ID, you first need to configure Azure Agent to user Azure AD login. This can be done through the Azure Management portal.
- Azure client secret: Enter the Azure client secret, available through the Azure Management portal. SeeSynchronizing Users from Azure Active Directory for steps to do this.
Synchronization period (default 7200s): Enter the synchronization period to indicate the frequency of synchronization between Azure AD and MicroStrategy Identity. This will be a full synchronization each time, rather than an iterative one.
By default, this value is 7200 seconds, but this can be set to a higher or lower value. Because this will perform a full synchronization, the record count may be very high, so this should be set to allow as much time between synchronizations as possible.
Click Submit. The Identity Agent tests the connection with your Azure AD instance and completes its configuration.
- After validating the Azure server information, click OK to complete the configuration. The APT will close automatically.
Next,Add Azure Active Directory Information to MicroStrategy Identity and Synchronize Users.