Microsoft Entra Integration
Role: Administrators.
Minimum Version: Ivanti Neurons for ITSM 2024.3.
With Entra ID Import, you can maintain your organization's employees be it full-time or contractors. It helps you maintain your users' identities and access control along with the ability to make necessary customizations to suit your business model and need.
Prerequisite
•Keep the following information handy to setup the import. You can obtain them from your Microsoft Entra ID.
•Client ID
•Tenant ID
•Client secret
Configuring Azure AD in ITSM
1.Log in to ITSM as an Administrator.
2.Open the Configuration console, scroll and select LDAP Integration > Entra ID Import.
The Entra ID Import Connections page is displayed.
3.Click Setup new Entra ID connection.
4.Enter information in the following tabs:
Configuration tab
This tab is used to set the configuration information required for the ITSM to Entra ID connection.
The other three tabs will be disabled till you complete the process in the Configuration tab.
| a. | Select the Enabled checkbox. |
| b. | Enter the following information: |
•Connection Name - Enter a contextual name, that contains minimum five characters.
•Client ID, Tenant ID, and Client secret - Enter appropriate details provided by Microsoft Entra.
•Graph API endpoint - Use the default or enter custom URL to connect to import users from the Azure portal by interfacing with Azure Active Directory (Azure AD).
•Token endpoint - Use the default or enter custom URL to request authentication tokens for secure access.
Use only supported URLs when configuring endpoints to match your domain requirements.
Only URLs listed in the Microsoft Graph national cloud deployments are supported. If you enter unsupported URLs, the test connection will fail and display an error.
•Select primary key - select an option from Entra ID, UPN, and Email which serves as unique identifiers, they allow for the precise identification of each user in Azure AD.
Use the Azure AD HTTP request string to apply complex query filters, for an example:
•endsWith(userPrincipalName,'@ivanti.com') and accountEnabled eq true
•(accountEnabled eq true and department eq 'IT') or city eq 'London'
| c. | Click Test Connection after providing all the information to validate the connection details. |
You will get a success message if the connection details are correct.
| d. | Click Save. |
This saves the connection details and enables you to proceed to the next steps but the connection as such is in Inactive state.
Filter Management
This tab is used to set the filters on Entra ID fields. The predicates And, OR, and HttpString are available.
Microsoft Graph SDK is used to connect to APIs. For more information, refer to Make API calls using the Microsoft Graph SDKs.
•AND predicate - In a filter query, AND predicate is used when you want the results to satisfy all filter conditions.
For example, if the filer query is set as,
•Condition 1 - AccountEnabled Equals True
•Condition 2 - City Equals London
The results returned will satisfy both the conditions, that is, the users' Account enabled status should be true and the city should be London.
•OR predicate - In a filter query, OR predicate is used when you want the results to satisfy any one of the filter conditions.
For example, if the filer query is set as,
•Condition 1 - AccountEnabled Equals True
•Condition 2 - City Equals London
The results returned will satisfy either one of the conditions, that is, the users' Account enabled status should be true or the city should be London.
•HttpString predicate - The HttpString predicate is used when you want to enter the filter conditions in string-based HTTP request and the results returned should satisfy the HttpString request.
For example, startsWith('S', displayName) and accountEnabled eq true.
The result returned will be of all records where display name starts with S and account enabled status is true.
For more information on filter queries and predicates, refer to Microsoft Graph - Use the $filter query parameter and Microsoft Graph - Advanced query capabilities on Microsoft Entra ID objects.
Field Mapping
This tab is used to set the field mappings from ITSM to Entra ID. It consists of both existing and new field mappings for a connection.
| a. | Click Add Mapping. |
| b. | Select appropriate mappings from ISM Employee Field to Entra ID Fields. |
| c. | Choose the Mapping Type as either Map or Fixed Value. |
•Map - list options to choose from.
•Fixed Value - you have to provide the input.
| d. | Select the Do not update checkbox against a mapping record to prevent the selected field from updating when imported. |
Schedule and Import
This tab allows you to set a schedule or import immediately. It also has an option to import Administrative Units.
•Choose a schedule from the Schedule list to run the import as per the time in the selected schedule.
or
•Choose Save and Import to run the import immediately.
•Select the Import Administrative Units checkbox to import administrative units in the database.