Azure Active Directory credentials for People actions

From the Actions menu, at the top-right of the people details page, you can select pre-defined actions related to the person in question.

To execute these actions, Ivanti Neurons needs credentials with the correct set of permissions.
These permissions may not be identical to what a connector needs to synchronize data into Ivanti Neurons.
From a security perspective, you may also not want a connector to hold the privileges needed to perform actions when it is only synchronizing data.

Role and permissions in Microsoft Azure Active Directory

The Microsoft Azure Active Directory connector can synchronize data if it has permissions to read and export user information (for details, see Microsoft Azure Active Directory connector).
In contrast, to perform the actions in the people details page, you must create an app in Azure Active Directory with:

  • the (recommended) role 'User Administrator';
  • the following permissions:
    • User.ReadWrite.All
    • User.ManageIdentities.All
    • Directory.ReadWrite.All
    • Directory.AccessAsUser.All

For information on creating the app, see How to set up an Azure Active Directory (AD) or Azure Intune Connector.
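
To check the separation described above, the following added example (not Ivanti or Microsoft code) reads the permission claims from an access token and compares them with the list on this page. It assumes the token is a JWT that carries application permissions in the `roles` claim and delegated permissions in the `scp` claim; the sample tokens and the connector's `User.Read.All` permission are constructed for illustration.

```python
import base64
import json

# Permissions this page lists for the People-actions app.
ACTION_PERMISSIONS = {
    "User.ReadWrite.All",
    "User.ManageIdentities.All",
    "Directory.ReadWrite.All",
    "Directory.AccessAsUser.All",
}

def token_permissions(jwt):
    """Return the permissions in a token's 'roles' and 'scp' claims.
    The signature is NOT verified: inspection only, never authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    roles = claims.get("roles", [])          # application permissions (list)
    scopes = claims.get("scp", "").split()   # delegated permissions (space-separated)
    return set(roles) | set(scopes)

def missing_for_actions(jwt):
    """Permissions from the page's list that the actions app's token lacks."""
    return ACTION_PERMISSIONS - token_permissions(jwt)

def excess_on_connector(jwt):
    """Action-level permissions found on a token meant only for synchronization."""
    return ACTION_PERMISSIONS & token_permissions(jwt)

def constructed_token(claims):
    """Build an unsigned sample token (constructed, not a real directory token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"

# Constructed samples. User.Read.All is an assumed read-only connector permission.
CONNECTOR = constructed_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})
ACTIONS = constructed_token(
    {"scp": "User.ReadWrite.All Directory.ReadWrite.All Directory.AccessAsUser.All"}
)

if __name__ == "__main__":
    print("actions app is missing:", sorted(missing_for_actions(ACTIONS)))
    print("connector also holds:", sorted(excess_on_connector(CONNECTOR)))
```

An empty result from `excess_on_connector` means the synchronization credentials carry none of the action permissions listed above.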

Credentials

To specify the credentials, you need the following data for the app you create in Azure Active Directory:

  • Directory (tenant) ID: The ID of the tenant you created in Azure Active Directory.
  • Application (client) ID: The ID of the application you created in Azure Active Directory.
  • Client secret: The client secret associated with the application you created in Azure Active Directory.

This data can be: