Importing users with Microsoft Graph

Microsoft configuration

An app must be registered via the  Azure Portal > app registrations. The app needs to have the application (type application) API permissions "Group.Read.All" and "User.Read.All". In addition, application permissions can only be consented by an administrator. Thus, the administrator approval in the permission configuration is required.

 

COYO configuration

Within COYO, the configuration is very similar to the LDAP protocol. Under the administration, you choose the tab "User directories" and select "Microsoft Graph" for type.

The following fields need to be configured to establish the connection. The tenant identifier can be found in Azure portal > Properties:


Bildschirmfoto_2021-02-04_um_11.21.42.png

In the tab "User", it can be decided to use "mail" or "userPrincipalName" as the users' identifier:

Bildschirmfoto_2021-06-07_um_13.30.28.png

 

To filter users and groups you can use Microsoft Graph filters

Example:
Filter all users whose email address ends in '@coyo4.com':

endsWith(mail,'@coyo4.com')

Filter all groups starting with 'COYO_'.

startswith(displayName, 'COYO_')

To write and test your own filters, Microsoft Graph Explorer is recommended.

 

The rest of the config works exactly as you know it from configuring your user sync e.g. via LDAP-protocol.

 

Missing something?

You feel that an article is missing? You would like to see a webinar or a video on a certain topic?

Get in touch