Configure Azure Active Directory Domain

The steps below are used for adding an Azure Active Directory configuration to Directory Services.

For this procedure, you need a local account with the Administer Active Directory role.

Add Azure Active Directory Domain

  1. Navigate to Admin > Directory services.

  2. Click the Add domain button.

  3. Select Active Directory Domain from the dropdown.

  4. Set the following fields:

    • Fully Qualified Domain Name: For example, if your AD account is jcogley@OFFICE.test.com then your domain would be OFFICE.test.com. You can also change an existing domain should your company decide to rename an Active Directory Domain - this allows you to keep your auditing history.
    • Friendly Name: A friendly display name for the Azure Directory. When an existing Azure AD Domain is edited, you can still view and edit the Tenant ID, Client ID, and Client Secret fields, or synchronize secret.
    • State: Enable or disable the Azure Active Directory domain integration.

    • Use LDAPS: When enabled, the server will connect using secure LDAPS protocol.

    • Synchronization Secret: Select or create a secret for synchronization. If the Synchronization Secret is set, the Tenant ID, Client ID, and Client Secret will be taken from the Synchronization Secret. If the Synchronization Secret cleared, the Tenant ID, Client ID, and Client Secret fields can be edited again, but once an Azure AD domain is saved with a Synchronization Secret set, the Tenant ID, Client ID, and Client Secret will not be editable anymore.

    • Site: The container in which heartbeat, RPC, and other Secret activities occur.

    • Multifactor Authentication: Auto-Enable two factor for new Users. Select the related MFA from the dropdown:
      • FIDO2
      • TOTP Authenticator
      • Duo
      • Radius
      • Email

    • User Lockout Protection: When enabled, synchronization will not disable this domain's users if it would result in every user in this domain being disabled.

    When done, click Validate and Save.

  5. Once validation completes, you will see the Friendly domain name listed.

  6. Click the name of the new domain to open the configuration page.

  7. Click the Groups tab, and click Edit next to Synchronized groups.

  8. Scroll to or search for each desired group containing users you want to sync in the Select Groups table. Ensure each group's check box is checked.

  9. Click Save. You will now see the selected groups in the Synchronized groups table.

  10. Click the Directory Services breadcrumb link at the top of the page to navigate back to the Directory Services page.

  11. Click the Sync Now button to sync the directory groups.