Configuring Azure Active Directory
You can configure your Microsoft Azure Active Directory (Azure AD) as a directory in Crowd. All changes to your users, groups, and memberships will by synced between Azure AD and Crowd periodically, or whenever you request it. You'll be able to view information about your users directly in Crowd by using the User Browser and Group Browser.
Before you begin
Before you configure your Azure AD, you should know about the following restrictions:
- In Azure AD, you can have multiple groups with the same name (displayName), but it's not supported in Crowd and results in a failing synchronization. Make sure you change your Azure AD group names to unique ones.
- Crowd doesn't support multi-factor authentication. You'll need to disable it for your users in Azure AD, or they will not be able to log in to Crowd or any integrated applications.
- If you need to make any changes to your users, make them directly in Azure AD. You can't edit your Azure AD users in Crowd.
Configuring Azure Active Directory
To configure Azure AD, you’ll need to create two applications in your Azure Portal, and then use them to add Azure AD to Crowd.
Steps in Microsoft Azure
Web application
Create a web application to allow Crowd to communicate with Azure AD.
- Log in to your Azure Portal, and go to Azure Active Directory.
- Go to App registrations.
- Create a new application registration with the following details:
- Application type: Web app / API
Sign-on URL: Crowd's base URL
Where can I find my Crowd's base URL?To view the Crowd's base URL, log in to Crowd, go to
> General, and check the value of Base URL.
Configure permissions for the web application to allow Crowd to read data from Azure AD.
- Click your web application.
- In the
API ACCESSsection, click Required permissions. - Click Add > Select an API, and select Microsoft Graph. Then, add the following permission from:
- Read directory data
Make sure you add the permission from the application permissions list (not delegated permissions).
- Read directory data
- Click Save and close the Enable Access blade.
- Click Grant Permissions and confirm.
Create a key for the web application. Crowd will use this key to authenticate to Azure AD.
- Click your web application.
- In the
API ACCESSsection, click Keys. - Choose a name and an expiry date for your key, then save it. Keep in mind that when the key expires and you don't replace it, Crowd will not be able to communicate with Azure AD.
- Copy and store the key value. You will not be able to view it after navigating away from the key settings.
Native application
Create a native application that will be used by Crowd to validate user credentials.
- Again, go to App registrations, and create a new application registration with the following details:
- Type: Native
- Redirect URL: Crowd's base URL
Configure permissions for the native application to allow Crowd to validate user credentials.
- Click your native application.
- In the
API ACCESSsection, click Required permissions. - Click Grant Permissions and confirm.
Steps in Crowd
After you've created two applications in your Azure Portal, you can use them to add Azure AD to Crowd.
- Log in to the Crowd Administration Console.
- In the top navigation bar, click Directories.
- Click Add Directory, and then select Azure Active Directory as type.
- Fill out the required fields. Apart from the usual info, like name and description, you'll need to have IDs of the web and native applications that you just created in your Azure Portal.
Before continuing, you can verify correctness of filled fields by clicking "Test Connection".
You've added your Azure AD to Crowd. You should now see a brief summary of your directory, and details about the synchronization.
In some cases, the synchronization might be failing at first because the new permission wasn't yet propagated in Azure AD. Just wait a few minutes, the problem will fix itself.
Crowd will automatically pull data from Azure AD. If that doesn't happen, you can click Synchronise now. Once the synchronization is complete, you can check your users and groups from Azure AD by going to Users/Groups in the top navigation bar.
Field mapping
The following tables show how fields in Azure AD are mapped to those in Crowd. We're comparing Azure AD's API fields with Crowd's UI fields.
Users
| Azure AD | Crowd |
|---|---|
| userPrincipalName | Username |
| displayName | Display name |
| givenName | First name |
| familyName | Last name |
| accountEnabled | Active |
| id | External ID |
| E-mail address |
Groups
| Azure AD field | Crowd field |
|---|---|
| displayName | Name |
| description | Description |
| id | External ID |