Integrate ALM with Azure Active Directory

Use these steps to integrate ALM with Azure Active Directory:

  1. Open a browser and navigate to the Azure Active Directory admin center.

  2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage:

    Azure AD Step 1

  3. Select New registration. On the Register an application page, set the values as follows:

    • Set Name to Delinea ALM.

    • Set Supported account types to: Accounts in this organizational directory only – (Single tenant).

    • Leave Redirect URI empty:

      Azure AD Step 2

  4. Select Register. On the Overview page of the Delinea ALM app registration, copy the values of the Application (client) ID and the Directory (tenant) ID; ALM needs both in step 10:

    Azure AD Step 3

  5. Select the Add a Redirect URI link. On the Redirect URIs page, select Add a platform and choose Mobile and desktop applications.

    Select the https://login.microsoftonline.com/common/oauth2/nativeclient URI and click Configure:

    Azure AD Step 4A

    Azure AD Step 4B

  6. Locate the Default client type section (in newer versions of the portal this appears under Advanced settings as Allow public client flows) and set the Treat application as a public client toggle to Yes, then select Save:

    Azure AD Step 5

  7. Select Certificates and secrets from the left-hand menu and do the following:

    • Select New client secret and enter ALM in the Description field.

    • Copy the secret Value immediately. It is displayed only once; after you leave the page it cannot be retrieved and you would have to create a new secret.

      Azure AD Step 6

  8. Select API Permissions in the left navigation panel and do the following:

    • Select Add a permission.

    • Select Microsoft Graph.

    • Add the following permission options:

      • Delegated Permissions:
        • Directory.AccessAsUser.All
      • Application Permissions:
        • Group.Read.All
        • Group.ReadWrite.All
        • Group.Selected
        • User-PasswordProfile.ReadWrite.All
        • User.Read.All
        • User.ReadWrite.All
        • RoleManagement.Read.All
        • RoleManagement.Read.Directory
        • RoleManagement.ReadWrite.Directory

      Azure AD Step 7

  9. Select Grant admin consent for your tenant. This requires a Global Administrator or Privileged Role Administrator account. Because the granted application permissions include password resets and directory role management, the client secret from step 7 is effectively a directory administrator credential: store it in a vault, restrict who can read it, and rotate it before it expires.

  10. Switch over to ALM:

    • Navigate to Integrations.
    • Select Domains from the list.
    • Select Add Domain.
    • Enter a Name for the Domain.
    • From the Domain Type drop-down, select Azure Active Directory.
    • Select Edit from the Actions menu.
    • Optionally, enable and configure domain synchronization.
    • Enter the Application (client) ID, client secret, and Directory (tenant) ID copied from the Azure AD registration into the new Azure AD Domain.
    • Select Save from the Actions menu:

      Azure AD Step 8
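The Azure AD side of this procedure (steps 3 through 9) can also be done from the command line. The following script is an added example and is not part of Delinea's documentation or the ALM product; it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph module) to create the same single-tenant registration, redirect URI, public-client setting, secret, and permission grants. The permission names are taken from the page; their IDs are resolved from the Microsoft Graph service principal at run time rather than hardcoded. The six-month secret lifetime and the helper name Resolve-GraphPermission are this example's own choices.

```powershell
# Added example (not Delinea's code): build the ALM app registration with the
# Microsoft Graph PowerShell SDK. Run as an account that can register apps and
# grant admin consent (Global Administrator or Privileged Role Administrator).
Connect-MgGraph -Scopes 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All',
                        'DelegatedPermissionGrant.ReadWrite.All'

$graphAppId = '00000003-0000-0000-c000-000000000000'   # well-known Microsoft Graph app ID
$graphSp    = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

# Permission names exactly as listed on the page.
$delegated   = @('Directory.AccessAsUser.All')
$application = @('Group.Read.All', 'Group.ReadWrite.All', 'Group.Selected',
                 'User-PasswordProfile.ReadWrite.All', 'User.Read.All', 'User.ReadWrite.All',
                 'RoleManagement.Read.All', 'RoleManagement.Read.Directory',
                 'RoleManagement.ReadWrite.Directory')

# Helper (assumed name): look a permission up on the Graph service principal so no
# GUIDs are hardcoded, and fail loudly on a misspelled or retired permission.
function Resolve-GraphPermission {
    param([string]$Name, [ValidateSet('Scope', 'Role')][string]$Type)
    $pool  = if ($Type -eq 'Scope') { $graphSp.Oauth2PermissionScopes } else { $graphSp.AppRoles }
    $match = $pool | Where-Object { $_.Value -eq $Name }
    if (-not $match) { throw "Microsoft Graph does not expose a $Type named '$Name'" }
    @{ Id = $match.Id; Type = $Type }
}

$resourceAccess = @()
$resourceAccess += $delegated   | ForEach-Object { Resolve-GraphPermission -Name $_ -Type 'Scope' }
$resourceAccess += $application | ForEach-Object { Resolve-GraphPermission -Name $_ -Type 'Role' }

# Steps 3-6: single-tenant audience, native-client redirect URI, public client flows on.
$app = New-MgApplication -DisplayName 'Delinea ALM' `
    -SignInAudience 'AzureADMyOrg' `
    -PublicClient @{ RedirectUris = @('https://login.microsoftonline.com/common/oauth2/nativeclient') } `
    -IsFallbackPublicClient:$true `
    -RequiredResourceAccess @(@{ ResourceAppId = $graphAppId; ResourceAccess = $resourceAccess })

# Step 7: client secret. SecretText is returned only by this call and cannot be read back later.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id `
    -PasswordCredential @{ DisplayName = 'ALM'; EndDateTime = (Get-Date).AddMonths(6) }  # lifetime assumed

# Steps 8-9: consent is recorded against a service principal, so create one first.
$sp = New-MgServicePrincipal -AppId $app.AppId
foreach ($roleName in $application) {
    $roleId = ($graphSp.AppRoles | Where-Object { $_.Value -eq $roleName }).Id
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
        -ResourceId $graphSp.Id -AppRoleId $roleId | Out-Null
}
New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType 'AllPrincipals' `
    -ResourceId $graphSp.Id -Scope ($delegated -join ' ') | Out-Null

# The three values that step 10 asks for in ALM.
[pscustomobject]@{
    ClientId     = $app.AppId
    TenantId     = (Get-MgContext).TenantId
    ClientSecret = $secret.SecretText   # write to a vault, not to a console log or ticket
}
```

Two things worth checking after it runs: Get-MgApplication -ApplicationId $app.Id should show IsFallbackPublicClient set to true and the nativeclient redirect URI under PublicClient, and the Enterprise application's Permissions blade should list every role above as admin-consented. Note that the registration is simultaneously a public client (which permits flows without a secret, such as device code) and the holder of a secret with password-reset and role-management rights, so the secret value that this script prints deserves the same handling as a directory administrator password.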

Optional: Use these steps to enable Sync:

  1. In ALM, navigate to the Domains page.
  2. Select a Domain for which you want Sync enabled.
  3. On the Manage tab of the Domain's detail page, select Edit, then locate the Sync tool in the lower half of the tab.
  4. Set the Enable Sync toggle to Yes.
  5. Set the desired sync frequency and review your settings.

    To commit the configuration, return to the Actions button at the top of the page and select Save.