Configuration Parameters
Configuration of Azure Active Directory (Azure AD), now known as Microsoft Entra ID, can be enabled by a user with the Administer Active Directory role. To change these settings, navigate to Admin > Directory Services, click the Domain Name associated with your Azure AD directory, and then click Edit.
When creating a new directory, the configuration screen has the following fields:
- Fully Qualified Domain Name: For example, if your AD account is jcogley@OFFICE.test.com, then your domain would be OFFICE.test.com. You can also change an existing domain should your company decide to rename an Active Directory Domain. This allows you to keep your auditing history.
- Friendly Name: A friendly display name for the Azure Directory. When an existing Azure AD Domain is edited, you can still view and edit the Tenant ID, Client ID, and Client Secret fields, or the Synchronization Secret.
- State: Enable or disable the Azure Active Directory domain integration.
- Use LDAPS: When enabled, the server will connect using the secure LDAPS protocol.
- Synchronization Secret: Select or create a secret for synchronization. If the Synchronization Secret is set, the Tenant ID, Client ID, and Client Secret will be taken from the Synchronization Secret. If the Synchronization Secret is cleared, the Tenant ID, Client ID, and Client Secret fields can be edited again, but once an Azure AD domain is saved with a Synchronization Secret set, the Tenant ID, Client ID, and Client Secret will no longer be editable.
- Site: The container in which heartbeat, RPC, and other Secret activities occur.
- Multifactor Authentication: Auto-enable two-factor authentication for new users. Select the related MFA method from the dropdown:
  - FIDO2
  - TOTP Authenticator
  - Duo
  - Radius
- User Lockout Protection: When enabled, synchronization will not disable this domain's users if it would result in every user in this domain being disabled.