
AD Integration - with Azure AD

IMPORTANT - this feature has not been released to the public yet

Requires Office 365 with users in Azure AD

Requires Pronestor Room & Catering Cloud 

Permissions - Administrator permissions on Azure AD / Pronestor Room & Catering Admin

Required fields

The following fields are required on a user:

  • mail
  • displayName
  • id (Guid)
  • givenName
  • surname
  • userPrincipalName

Optional fields:

  • mobile phone
  • phone

App registration tool

Preparing settings on Azure AD (Azure AD administrator)

  1. Go to https://apps.dev.microsoft.com, login as admin for the Azure AD
  2. Create a new app
    1. Copy the "Application ID" [needed for later configuration]
    2. Click "Generate New Password" and copy the Password [needed for later configuration]
    3. Click "Add Platform" and choose “Web”
    4. Enable "Allow Implicit Flow"
    5. Enter redirect URLs
      1. https://yoursite.pronestor.com 
        (where yoursite is matching the URL to the Pronestor Site)
      2. https://yoursite.pronestor.com/Account/GrantPermissions
        (Ignore Logout URL)
    6. Add the following permissions:
      1. Delegated permissions: User.Read
      2. Application Permissions: Directory.Read.All, Group.Read.All, User.Read.All
    7. Click “Save”
  3. Go to https://portal.azure.com, choose
    1. Click "Azure AD" and then "Properties"
    2. Copy the "Directory ID" [needed for later configuration]


Allowing the app to be referenced (Azure AD administrator)

Now we need the permissions that allow your Pronestor solution to reference the app you created (for further elaboration, see section 3 in https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service).

Construct a URL to be opened, following this format:

https://login.microsoftonline.com/{0}/adminconsent?client_id={1}&redirect_uri={2}

{0} - should be the Directory ID retrieved from step 3 above
{1} - should be the Application ID retrieved from step 2.3 above
{2} - should be the redirect URL - ex. https://yoursite.pronestor.com/Admin/UserImport.mvc/GrantPermissions

Open that link to confirm 
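
The link format above, assembled with input checks, as an added example that is not part of the Pronestor article. The function names, the GUIDs and the registered-URL list are constructed for illustration, and yoursite is the article's own placeholder.

```python
import uuid
from urllib.parse import urlencode, urlsplit

CONSENT_TEMPLATE = "https://login.microsoftonline.com/{0}/adminconsent?{1}"

def canonical_guid(value, label):
    """Return the canonical form of a GUID, or raise if the value is not one."""
    try:
        return str(uuid.UUID(value.strip()))
    except (ValueError, AttributeError):
        # Catches a pasted Password or an empty field where an ID was expected.
        raise ValueError(f"{label} must be a GUID") from None

def build_admin_consent_url(directory_id, application_id, redirect_url, registered_urls):
    """Fill {0}, {1} and {2} of the consent link from the values copied on Azure AD."""
    tenant = canonical_guid(directory_id, "Directory ID")
    client = canonical_guid(application_id, "Application ID")
    parts = urlsplit(redirect_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("redirect URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("redirect URL must not carry a query string or fragment")
    # Azure AD only redirects to a URL entered under "Enter redirect URLs"
    # in the app registration, so compare against that list exactly.
    if redirect_url not in registered_urls:
        raise ValueError("redirect URL is not one of the registered redirect URLs")
    # urlencode percent-encodes ':' and '/' so the redirect stays one parameter.
    # The Password (client secret) is never part of this link.
    query = urlencode({"client_id": client, "redirect_uri": redirect_url})
    return CONSENT_TEMPLATE.format(tenant, query)

# Constructed sample values, not real identifiers.
SAMPLE_DIRECTORY_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_APPLICATION_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REGISTERED = [
    "https://yoursite.pronestor.com",
    "https://yoursite.pronestor.com/Account/GrantPermissions",
]

if __name__ == "__main__":
    print(build_admin_consent_url(SAMPLE_DIRECTORY_ID, SAMPLE_APPLICATION_ID,
                                  SAMPLE_REGISTERED[1], SAMPLE_REGISTERED))
```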

 

Preparing settings on Pronestor (requires Pronestor administration)

  1. Go to https://yoursite.pronestor.com, login as administrator for Pronestor
  2. Go to "Administration"->"Settings"->"Import Users".
    1. Click "New Import job"
      1. Choose "Azure Active Directory" as Type
      2. Enter the Azure ID which is the Directory ID retrieved from step 3 above
      3. Enter the Client ID which is the Application ID retrieved from step 2.3 above
      4. Enter the Client Secret which is the Password retrieved from step 2.2 above
      5. In Default User Password - enter a password used for new accounts (not important if using Azure AD for authentication)
      6. Default User Language - choose the default language for new users
      7. Login format - use "WindowsLogin"
      8. Strip domain - leave it unselected
  3. Fill in the remaining fields and click "Save"

 

Performing the first import

  1. Click "Edit" for the newly created import job
    1. Click "Linking" and “Load AD structure”
    2. Set up the linking structure and click "Save links"
  2. Click "Sessions" and click "Perform import" or "Perform test import"
    1. Any users that cannot be imported due to missing fields will be listed in the Log